Vulnerability: Ticket Notification Leakage in Zammad 5.0.2

Vulnerability: Ticket Notification Leakage in Zammad 5.0.2

CVE-2021-44886 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to.

Learn more about our Cis Benchmark Audit For Microsoft Office.