Infos:
- Used Zammad version: 6.1.x
- Used Zammad installation type: docker-compose
- Operating system: Debian
- Browser + version: doesnt matter
Expected behavior:
Customers should not receive notifications that are not intended for them.
*
Actual behavior:
We have noticed that on notifications “There are tickets that require your attention”, there is an email address that doesn’t belong to any agent. After short investigation we found that there was a customer account created over email channel (normal flow), but the user has name and surname exactly matching our active agent. Lets say you have an agent with email agent1@yourdomain.com and Name/Surname John Smith, then you have customer with email whatever@external.com and Name/Surname John Smith. The final result is that whatever@external.com (customer), receives notifications about tickets that are dedicated for an agent agent1@yourdomain.com.
This customer doesn’t have access to tickets, but receives emails that should not receive. I know its out of date version and needs an upgrade due to security bugs, but looking to your bug list, I did not find any that strictly describes this behavior. Is it a known bug ?
*
Steps to reproduce the behavior:
As described above