2 matches found
CVE-2020-10100
An issue was discovered in Zammad 3.0 through 3.2. It allows for users to view ticket customer details associated with specific customers. However, the application does not properly implement access controls related to this functionality. As such, users of one company are able to access ticket da...
CVE-2020-10100
CVE-2020-10100 (Zammad) affects Zammad 3.0–3.2 and arises from improper access controls in the ticket/customer data view, enabling users from one company to access ticket data from other companies in a multi-tenant deployment. The impact is limited to confidentiality (high impact per CVE sources)...