CVE-2022-27331
MEDIUM
Zammad < 5.1.0 - Unauthenticated Exposure of Administrative Configuration
Title source: llm
Description
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://zammad.com/de/advisories/zaa-2022-02
Scores
CVSS v3
4.3
EPSS
0.0064
EPSS Percentile
45.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-668
Status
published
Products (1)
zammad/zammad
< 5.1.0
Published
Apr 27, 2022
Tracked Since
Feb 18, 2026