An issue was discovered in Zammad before 6.3.0. Users with customer access to a ticket could have accessed time accounting details of this ticket via the API. This data should be available only to agents.
References
| Link | Resource |
|---|---|
| https://zammad.com/en/advisories/zaa-2024-01 | Vendor Advisory |
| https://zammad.com/en/advisories/zaa-2024-01 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
15 Apr 2025, 16:40
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:* cpe:2.3:a:zammad:zammad:6.3.0:alpha:*:*:*:*:*:* |
|
| First Time |
Zammad zammad
Zammad |
|
| References | () https://zammad.com/en/advisories/zaa-2024-01 - Vendor Advisory |
21 Nov 2024, 09:17
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://zammad.com/en/advisories/zaa-2024-01 - |
03 Jul 2024, 01:58
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-284 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.6 |
| Summary |
|
26 Apr 2024, 01:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-04-26 01:15
Updated : 2025-04-15 16:40
NVD link : CVE-2024-33666
Mitre link : CVE-2024-33666
CVE.ORG link : CVE-2024-33666
JSON object : View
Products Affected
zammad
- zammad
CWE
CWE-284
Improper Access Control