Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-06-28
An issue was discovered in Zammad before 3.5.1. An Agent with Customer permissions in a Group can bypass intended access control on internal Articles via the Ticket detail view.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-12-28
An issue was discovered in Zammad before 3.5.1. The default signup Role (for newly created Users) can be a privileged Role, if configured by an admin. This behvaior was unintended.
CVSS Score
4.9
EPSS Score
0.003
Published
2020-12-28
An issue was discovered in Zammad before 3.5.1. A REST API call allows an attacker to change Ticket Article data in a way that defeats auditing.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-12-28
Page 3