CVE-2022-40817

MEDIUM Year: 2022
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-732
View all →

Vulnerability Description

Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags. and related answers. This issue has been fixed in 5.2.2.

Related Vulnerabilities

CVE-2016-11065

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance.

CWE-7322016

CVE-2016-11080

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.

CWE-7322016

CVE-2017-18870

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.

CWE-7322017

CVE-2017-18872

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.

CWE-7322017

CVE-2017-18878

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session.

CWE-7322017

CVE-2017-18910

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links.

CWE-7322017