Bypassing Access Control on Internal Articles in Zammad

Bypassing Access Control on Internal Articles in Zammad

CVE-2020-29158 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

An issue was discovered in Zammad before 3.5.1. An Agent with Customer permissions in a Group can bypass intended access control on internal Articles via the Ticket detail view.

Learn more about our Internal Network Penetration Testing.