ZAA-2021-19
· Please read carefully and check if the version of your Zammad system is affected by this vulnerability. Please send us information regarding vulnerabilities in Zammad!
· Please read carefully and check if the version of your Zammad system is affected by this vulnerability. Please send us information regarding vulnerabilities in Zammad!
Zammad comes with the functionality to list Tickets in overviews. Only Tickets are shown for which the current User has permissions. Because of incorrect access control it was possible to see Tickets of the same Organization if the Organization is marked as shared. However, it was not possible to open the Ticket but only to see the meta information like title, state etc.
Special 🙏 and 🤘 and ❤️ to:
This vulnerability is fixed in the latest versions of Zammad and it is recommended to upgrade to one of these.
Fixed releases can be found at:
Online version of this advisory: https://zammad.com/en/advisories/zaa-2021-19
Send all remarks to security issues to security@zammad.com.