Denial Of Service Vulnerability in Zammad by Zammad Inc.
CVE-2023-50455

7.5HIGH

Key Information:

Vendor: Zammad
Status: Zammad
Vendor: CVE Published:; 10 December 2023

What is CVE-2023-50455?

A flaw in Zammad versions prior to 6.2.0 allows attackers to exploit the email address verification feature by sending a high volume of requests for a single email address. This lack of rate limiting can lead to Denial of Service, overwhelming the target with numerous verification emails, which not only clogs the server but also spams the victim's inbox.

References

https://zammad.com/en/advisories/zaa-2023-06

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2023
Vulnerability Reserved
Dec 10, 2023

CVE-2023-50455 Data

JSON