CVE-2022-27331: 
NixOS vulnerability analysis and mitigation

An access control issue was identified in Zammad v5.0.3, tracked as CVE-2022-27331. The vulnerability was discovered and reported on March 21, 2022, and affects the administrative configuration broadcast functionality of the Zammad helpdesk system (CVE Details, Zammad Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The issue is categorized under CWE-668 (Exposure of Resource to Wrong Sphere). The technical flaw involves broadcasting administrative configuration changes to all users with active application instances, regardless of their authentication status (NVD).

The vulnerability allows unauthorized users to view administrative configuration changes that should be restricted to authenticated users only. This information disclosure could potentially expose sensitive system settings and configurations to unauthorized individuals (Zammad Advisory).

The vulnerability has been fixed in Zammad version 5.1.0. Users are recommended to upgrade to this version or later. The fix can be obtained through the official Zammad website, FTP server, or through the OS package manager (Zammad Advisory).