Denial of Service Vulnerability in Zammad by Zammad
CVE-2022-29700

7.5HIGH

Key Information:

Vendor

Zammad

Status
Zammad
Vendor
CVE Published:
27 April 2022

What is CVE-2022-29700?

The vulnerability in Zammad v5.1.0 originates from an inadequate password length restriction, enabling users to create excessively long passwords. This flaw can lead to Denial of Service (DoS) conditions during the process of password verification, potentially disrupting service availability. For further insights into this issue, refer to the detailed advisory provided by Zammad.

References

https://zammad.com/en/advisories/zaa-2022-03
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.