Data Manipulation and Unauthorized Access in Zammad by Zammad
CVE-2023-31597

6.5MEDIUM

Key Information:

Vendor: Zammad
Status: Zammad
Vendor: CVE Published:; 18 May 2023

What is CVE-2023-31597?

A flaw in Zammad version 5.4.0 permits attackers to bypass the email verification process by using any arbitrary email address. This vulnerability allows them to manipulate the data associated with the generated user accounts, subsequently gaining unauthorized access to existing ticketing information. Consequently, this can lead to potential data breaches and misuse of sensitive information.

References

https://zammad.com/de/advisories/zaa-2023-03

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 18, 2023
Vulnerability Reserved
Apr 29, 2023

CVE-2023-31597 Data

JSON