Zammad 5.3.x (Fixed in 5.4.0) Incorrect Access Control Vulnerability

Zammad 5.3.x (Fixed in 5.4.0) Incorrect Access Control Vulnerability

CVE-2023-29868 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.

Learn more about our Web Application Penetration Testing UK.