2 matches found
CVE-2022-35487
Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not correctly perform authorization on certain attachment endpoints. This could be abused by an unauthenticated attacker to gain access to attachments, such as emails or attached files...
CVE-2022-35487
CVE-2022-35487 affects Zammad 5.2.0 with an Incorrect Access Control bug: authorization on certain attachment endpoints is not performed correctly, allowing an unauthenticated attacker to access attachments (e.g., emails or attached files). The NVD entry reports a CVSS v3.1 base score of 7.5 (HIG...