cnvd - cnvd-2022-66765

CNVD-2022-66765

Vulnerability from cnvd - Published: 2022-09-27

Title

Zammad访问控制错误漏洞（CNVD-2022-66765）

Description

Zammad是德国Zammad公司的一套票务管理软件。 Zammad 5.2.1版本存在访问控制错误漏洞，该漏洞源于程序存在错误的访问控制，Zammad的资产处理机制具有确保客户用户无法看到其他用户个人信息的逻辑，此逻辑在通过Web套接字连接使用时无效，经过身份验证的的攻击者可利用该漏洞将能够通过查询Zammad API来获取其他用户的个人数据。

Severity

中

Patch Name

Zammad访问控制错误漏洞（CNVD-2022-66765）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://zammad.com/de/advisories/zaa-2022-09

Reference

https://nvd.nist.gov/vuln/detail/CVE-2022-40816

Impacted products

Name
Zammad Zammad 5.2.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-40816",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-40816"
    }
  },
  "description": "Zammad\u662f\u5fb7\u56fdZammad\u516c\u53f8\u7684\u4e00\u5957\u7968\u52a1\u7ba1\u7406\u8f6f\u4ef6\u3002\n\nZammad 5.2.1\u7248\u672c\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5b58\u5728\u9519\u8bef\u7684\u8bbf\u95ee\u63a7\u5236\uff0cZammad\u7684\u8d44\u4ea7\u5904\u7406\u673a\u5236\u5177\u6709\u786e\u4fdd\u5ba2\u6237\u7528\u6237\u65e0\u6cd5\u770b\u5230\u5176\u4ed6\u7528\u6237\u4e2a\u4eba\u4fe1\u606f\u7684\u903b\u8f91\uff0c\u6b64\u903b\u8f91\u5728\u901a\u8fc7Web\u5957\u63a5\u5b57\u8fde\u63a5\u4f7f\u7528\u65f6\u65e0\u6548\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u80fd\u591f\u901a\u8fc7\u67e5\u8be2Zammad API\u6765\u83b7\u53d6\u5176\u4ed6\u7528\u6237\u7684\u4e2a\u4eba\u6570\u636e\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://zammad.com/de/advisories/zaa-2022-09",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-66765",
  "openTime": "2022-09-27",
  "patchDescription": "Zammad\u662f\u5fb7\u56fdZammad\u516c\u53f8\u7684\u4e00\u5957\u7968\u52a1\u7ba1\u7406\u8f6f\u4ef6\u3002\r\n\r\nZammad 5.2.1\u7248\u672c\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5b58\u5728\u9519\u8bef\u7684\u8bbf\u95ee\u63a7\u5236\uff0cZammad\u7684\u8d44\u4ea7\u5904\u7406\u673a\u5236\u5177\u6709\u786e\u4fdd\u5ba2\u6237\u7528\u6237\u65e0\u6cd5\u770b\u5230\u5176\u4ed6\u7528\u6237\u4e2a\u4eba\u4fe1\u606f\u7684\u903b\u8f91\uff0c\u6b64\u903b\u8f91\u5728\u901a\u8fc7Web\u5957\u63a5\u5b57\u8fde\u63a5\u4f7f\u7528\u65f6\u65e0\u6548\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u80fd\u591f\u901a\u8fc7\u67e5\u8be2Zammad API\u6765\u83b7\u53d6\u5176\u4ed6\u7528\u6237\u7684\u4e2a\u4eba\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Zammad\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2022-66765\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Zammad Zammad 5.2.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-40816",
  "serverity": "\u4e2d",
  "submitTime": "2022-09-29",
  "title": "Zammad\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2022-66765\uff09"
}

CVE-2022-40816 (GCVE-0-2022-40816)

Vulnerability from cvelistv5 – Published: 2022-09-27 15:27 – Updated: 2025-05-21 15:07

Summary

Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged-in attacker would be able to fetch personal data of other users by querying the Zammad API. This issue is fixed in , 5.2.2.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

Assigner

mitre

References

URL

Tags

https://zammad.com/de/advisories/zaa-2022-09

x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:28:42.630Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://zammad.com/de/advisories/zaa-2022-09"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-40816",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-21T15:06:57.078527Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-863",
                "description": "CWE-863 Incorrect Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-21T15:07:27.671Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad\u0027s asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged-in attacker would be able to fetch personal data of other users by querying the Zammad API. This issue is fixed in , 5.2.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-27T15:27:48.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://zammad.com/de/advisories/zaa-2022-09"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-40816",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad\u0027s asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged-in attacker would be able to fetch personal data of other users by querying the Zammad API. This issue is fixed in , 5.2.2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://zammad.com/de/advisories/zaa-2022-09",
              "refsource": "MISC",
              "url": "https://zammad.com/de/advisories/zaa-2022-09"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-40816",
    "datePublished": "2022-09-27T15:27:48.000Z",
    "dateReserved": "2022-09-19T00:00:00.000Z",
    "dateUpdated": "2025-05-21T15:07:27.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-66765

CVE-2022-40816 (GCVE-0-2022-40816)

Tags

Sightings

Nomenclature