CVE 2020-29159
An issue was discovered in Zammad before 3.5.1. The default signup Role (for newly created Users) can be a privileged Role, if configured by an admin. This behvaior was unintended.
See the 
CVE page on Mitre.org
for more details.
