CVE-2022-27331

An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt