CVE-2022-40817 Information

Description

Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However agents were still wrongly able to perform some operations on such tickets like adding and removing links tags. and related answers. This issue has been fixed in 5.2.2.

Reference

https://zammad.com/de/advisories/zaa-2022-10