ID: ZAA-2023-01 Release Date: 2023-03-14 Vulnerability: Unauthorized Access Severity: Low Affected Product(s): Zammad 5.3.x Patched In: Zammad 5.4.0 CVE Reference: CVE-2023-29868 Vulnerability Description: An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions. Recommendation: This vulnerability is addressed in the latest versions of Zammad and upgrading to one of these is recommended. Fixed releases can be found at: https://zammad.org/ https://ftp.zammad.com/ Or just update your Zammad if installed via OS package manager. Additional Information: For the online version of this advisory visit: https://zammad.com/en/advisories/zaa-2023-01 For remarks on security, contact: security@zammad.com