Lucene search

[email protected]CVE-2023-50455

HistoryDec 10, 2023 - 7:15 p.m.

CVE-2023-50455

2023-12-1019:15:07

CWE-770

[email protected]

web.nvd.nist.gov

zammad

email address verification

denial of service

cve-2023-50455

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the “email address verification” feature, an attacker could send many requests for a known address to cause Denial Of Service (generation of many emails, which would also spam the victim).

Affected configurations

NVD

Node

zammadzammadMatch6.1.0-

zammadzammadMatch6.1.0alpha

zammadzammadMatch6.2.0alpha

CPENameOperatorVersion
zammad:zammadzammadeq6.1.0
zammad:zammadzammadeq6.2.0

CPE	Name	Operator	Version
zammad:zammad	zammad	eq	6.1.0
zammad:zammad	zammad	eq	6.2.0

References

zammad.com/en/advisories/zaa-2023-06

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2023-50455

prion1 cvelist1 nvd1 osv1