Home > Vulnerability Database > CVE-2022-40817

Mend.io Vulnerability Database

CVE-2022-40817

Good to know:

Date: September 27, 2022

Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags. and related answers. This issue has been fixed in 5.2.2.

Language: Ruby

Severity Score

4.3

Related Resources (3)

Url: https://zammad.com/de/advisories/zaa-2022-10

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-40817

Url: https://www.mend.io/vulnerability-database/CVE-2022-40817

Severity Score

4.3

Weakness Type (CWE)

Incorrect Permission Assignment for Critical Resource

CWE-732

Top Fix

Upgrade Version

Upgrade to version 5.2.2

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-40817

Good to know:

Date: September 27, 2022

Language: Ruby

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?