CVE-2023-29868

MEDIUM

Zammad < 5.4.0 - Origin Validation Error

Title source: rule

Description

Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.

References (1)

[Vendor Advisory] https://zammad.com/en/advisories/zaa-2023-01

Scores

CVSS v3 6.5

EPSS 0.0019

EPSS Percentile 40.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-346

Status published

Affected Products (1)

zammad/zammad < 5.4.0

Timeline

Published May 02, 2023

Tracked Since Feb 18, 2026