Zammad 5.2.0 Vulnerability: Unauthorized Access to System Organizations by Customers with Secondary Organizations

CVE-2022-35489 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather than only those to which they are assigned.
