CVE-2023-29868: 
NixOS vulnerability analysis and mitigation

CVE-2023-29868 is a vulnerability discovered in Zammad versions 5.3.x (fixed in 5.4.0) that involves incorrect access control. The vulnerability was disclosed on March 14, 2023, affecting the Zammad helpdesk system. The issue allows authenticated users with both agent and customer roles to perform unauthorized changes on articles where they should only have customer permissions (Vendor Advisory).

The vulnerability is classified with a CVSS v3.1 base score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, no user interaction, and has no impact on confidentiality but high impact on integrity with no availability impact (NVD).

The vulnerability allows authenticated attackers with dual roles (agent and customer) to modify articles beyond their intended permissions. This could lead to unauthorized modifications of content where the user should only have customer-level access (Vendor Advisory).

The vulnerability has been fixed in Zammad version 5.4.0. Users are recommended to upgrade to this version or later. The fix can be obtained through the official Zammad website, FTP server, or through the OS package manager (Vendor Advisory).