CVE-2020-14213

EUVD-2020-6366
In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
zammadzammad
𝑥
< 3.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/zammad/zammad/commit/6e56aee25439b7a3211a6704a9d60453ad623ae4
https://zammad.com/news/security-advisory-zaa-2020-13
https://github.com/zammad/zammad/commit/6e56aee25439b7a3211a6704a9d60453ad623ae4
https://zammad.com/news/security-advisory-zaa-2020-13