Zammad Access Control Error Vulnerability (CNVD-2022-66765)
Discription
Zammad is a suite of ticket management software from Zammad Germany. version 5.2.1 of Zammad contains an access control error vulnerability, which stems from the existence of faulty access control in the program. Zammad’s asset handling mechanism has logic to ensure that client users cannot see other users’ personal information, and this logic is invalid when used over a Web socket connection. An authenticated attacker could use this vulnerability to query the Zammad API to obtain other users’ personal data.Read More
References
Back to Main