Zammad 5.3.x (Fixed in 5.4.0) Incorrect Access Control Vulnerability
CVE-2023-29868 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.
Learn more about our Web Application Penetration Testing UK.