CVE-2023-29867
MEDIUMZammad < 5.4.0 - Origin Validation Error
Title source: ruleDescription
Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API.
Scores
CVSS v3
6.5
EPSS
0.0035
EPSS Percentile
56.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Classification
CWE
CWE-346
Status
published
Affected Products (1)
zammad/zammad
< 5.4.0
Timeline
Published
May 02, 2023
Tracked Since
Feb 18, 2026