Privilege Escalation in Zammad by Zammad GmbH
CVE-2022-35490

9.8CRITICAL

Key Information:

Vendor: Zammad
Status: Zammad
Vendor: CVE Published:; 8 August 2022

What is CVE-2022-35490?

In Zammad 5.2.0, a vulnerability exists that allows an attacker to bypass the built-in brute-force attack prevention mechanism. This can enable unauthorized users to attempt more login requests than the allowed threshold before users are invalidated. Consequently, this exposes the system to potential privilege escalation attacks, as unauthorized access could be gained without proper authentication controls.

References

https://zammad.com/de/advisories/zaa-2022-07

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 8, 2022
Vulnerability Reserved
Jul 11, 2022

CVE-2022-35490 Data

JSON