CVE-2020-29160
HIGH WAF: Low
CVSS 7.5
Published: 2020-12-28
CWE-862
An issue was discovered in Zammad before 3.5.1. A REST API call allows an attacker to change Ticket Article data in a way that defeats auditing.
WAF Coverage Analysis
Missing Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| zammad | zammad | up to 3.5.1 |
References
- github.com (Patch, Third Party Advisory)
- zammad.com (Vendor Advisory)