GoogleOSV:CVE-2023-50455CVE-2023-50455
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.8 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%
An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the “email address verification” feature, an attacker could send many requests for a known address to cause Denial Of Service (generation of many emails, which would also spam the victim).
| CPE | Name | Operator | Version |
|---|---|---|---|
| zammad | eq | 5.3.0-alpha | |
| zammad | eq | 5.5.0-alpha | |
| zammad | eq | 1.6.0 | |
| zammad | eq | 6.1.0-alpha | |
| zammad | eq | 5.4.0-alpha | |
| zammad | eq | 2.10.0 | |
| zammad | eq | 1.6.1 | |
| zammad | eq | 6.0.0-alpha | |
| zammad | eq | 3.7.0 | |
| zammad | eq | 5.2.0-alpha |
References
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.8 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%