Design/Logic Flaw

2020-12-2808:15:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.6%

An issue was discovered in Zammad before 3.5.1. A REST API call allows an attacker to change Ticket Article data in a way that defeats auditing.

CPENameOperatorVersion
zammadlt3.5.1

CPE	Name	Operator	Version
	zammad	lt	3.5.1

References

github.com/zammad/zammad/commit/28944de180a88698509a656f61558bf9d7f810f4

zammad.com/en/advisories/zaa-2020-24