CVE-2023-29867

MEDIUM Year: 2023
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-346
View all →

Vulnerability Description

Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API.

Related Vulnerabilities

CVE-2018-12402

MEDIUM
CVSS:6.5(Medium)

The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example...

CWE-3462018

CVE-2018-16072

MEDIUM
CVSS:6.5(Medium)

A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

CWE-3462018

CVE-2018-18494

MEDIUM
CVSS:6.5(Medium)

A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is...

CWE-3462018

CVE-2018-18499

MEDIUM
CVSS:6.5(Medium)

A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). Th...

CWE-3462018

CVE-2019-13664

MEDIUM
CVSS:6.5(Medium)

Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

CWE-3462019

CVE-2019-13740

MEDIUM
CVSS:6.5(Medium)

Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

CWE-3462019