An issue was discovered in Zammad before 6.3.0. Users with customer access to a ticket could have accessed time accounting details of this ticket via the API. This data should be available only to agents.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://zammad.com/en/advisories/zaa-2024-01 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-04-26T00:00:00
Updated: 2024-08-02T02:36:04.552Z
Reserved: 2024-04-26T00:00:00
Link: CVE-2024-33666
Vulnrichment
Updated: 2024-05-01T17:14:14.603Z
NVD
Status : Awaiting Analysis
Published: 2024-04-26T01:15:46.190
Modified: 2024-07-03T01:58:33.837
Link: CVE-2024-33666
Redhat
No data.