CVE-2023-50457: 
NixOS vulnerability analysis and mitigation

An information disclosure vulnerability was discovered in Zammad versions before 6.2.0. The vulnerability, identified as CVE-2023-50457, was disclosed on December 6, 2023. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, users could view entries for which they lack proper permissions (Vendor Advisory).

The vulnerability is classified with a CVSS v3.1 Base Score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The issue is related to incorrect authorization (CWE-863) when accessing linked tickets and knowledge base answers (NVD).

The vulnerability allows authenticated users to access information they should not have permission to view, specifically when accessing tickets linked to knowledge base answers or when viewing knowledge base answers linked to tickets. This could lead to unauthorized access to sensitive information (Vendor Advisory).

The vulnerability has been fixed in Zammad version 6.2.0. Users are recommended to upgrade to this version or later. The fix can be obtained through the official Zammad website, FTP server, or through the OS package manager (Vendor Advisory).