An issue exists in Zammad prior to 3.5.1. A REST API call allows an malicious user to change Ticket Article data in a way that defeats auditing.
zammad zammad