Zammad v5.0.3 Access Control Vulnerability: Unauthorized Broadcast of Administrative Configuration Changes

CVE-2022-27331 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.
