Zammad prior to 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zammad zammad |