Key Information about the Vulnerability from the Screenshot

ID: ZAA-2022-10
Date: 09/13/2022
Title: Incorrect Access Control
Severity: medium
Product: Zammad 5.2.x
Fixed in: Zammad 5.2.2
References: CVE-2022-40817

Vulnerability Description

Incorrect Access Control: Zammad has a fine-grained permission model to configure read-only access to tickets. However, agents were incorrectly able to perform certain operations on read-only tickets, such as adding and removing links, tags, and related answers.

Recommended Resolution

Upgrade to the latest version of Zammad where the vulnerability is fixed. Check for fixed releases at:
- zammad.org
- ftp.zammad.com

Alternatively, update Zammad via your OS package manager.

Additional Information

For more details, refer to the online version of this advisory: zammad.com/en/advisories/zaa-2022-10

Security-related remarks can be sent exclusively to: security@zammad.com
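
The class of flaw in the vulnerability description above, as an added example that is not Zammad's code: a constructed Ruby model in which a check that only confirms the agent can see the ticket lets read-only agents modify links, tags and related answers, next to a check that requires change access for those operations. The access levels, operation names and method names are all assumptions made for illustration.

```ruby
# Added illustration; a constructed model, not Zammad's code.
# All names (access levels, operations, methods) are hypothetical.
Ticket = Struct.new(:id, :group, :tags)
Agent  = Struct.new(:name, :group_access) # group name => :read or :change

class Forbidden < StandardError; end

# Operations the advisory names: links, tags and related answers.
MUTATING_OPS = %i[link_add link_remove tag_add tag_remove
                  answer_add answer_remove].freeze

# Flawed pattern: any access to the ticket's group is treated as enough.
def flawed_allowed?(agent, ticket, _operation)
  agent.group_access.key?(ticket.group)
end

# Corrected pattern: operations that modify ticket data need change access.
def strict_allowed?(agent, ticket, operation)
  level = agent.group_access[ticket.group]
  return false if level.nil?
  return level == :change if MUTATING_OPS.include?(operation)

  true
end

# Sub-resource action guarded by whichever check is passed in.
def add_tag(agent, ticket, tag, check)
  unless send(check, agent, ticket, :tag_add)
    raise Forbidden, "#{agent.name} may not tag ticket #{ticket.id}"
  end

  ticket.tags << tag
end

# Regression-style audit: which modifying operations does a
# read-only agent get through the given check?
def read_only_violations(check)
  ticket = Ticket.new(1, 'Support', [])
  reader = Agent.new('reader', { 'Support' => :read })
  MUTATING_OPS.select { |op| send(check, reader, ticket, op) }
end
```

Running `read_only_violations` against each authorization path after an upgrade or permission change gives a quick regression check: an empty list means read-only agents are denied every modifying operation in the model.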