Zammad 5.3.x (Fixed 5.4.0) Incorrect Access Control Vulnerability

CVE-2023-29867 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API.

Learn more about our Api Penetration Testing.