Unrated severity · NVD Advisory · Published Sep 27, 2022 · Updated May 21, 2025
CVE-2022-40816
Description
Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged-in attacker would be able to fetch personal data of other users by querying the Zammad API. This issue is fixed in , 5.2.2.
References
- zammad.com/de/advisories/zaa-2022-09 (mitre, x_refsource_MISC)