CVE-2024-33666
April 26, 2024, 12:58 p.m.
Tags
Product(s) Impacted
Zammad
- before 6.3.0
Description
An issue was discovered in Zammad before 6.3.0. Users with customer access to a ticket could have accessed time accounting details of this ticket via the API. This data should be available only to agents.
Weaknesses
Date
Published: April 26, 2024, 1:15 a.m.
Last Modified: April 26, 2024, 12:58 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cve@mitre.org
References
https://zammad.com/
cve@mitre.org