CVE 2022-35489

In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather than only those to which they are assigned.

See the CVE page on Mitre.org for more details.