Описание
An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause Denial Of Service (generation of many emails, which would also spam the victim).
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:zammad:zammad:6.1.0:-:*:*:*:*:*:*
cpe:2.3:a:zammad:zammad:6.1.0:alpha:*:*:*:*:*:*
cpe:2.3:a:zammad:zammad:6.2.0:alpha:*:*:*:*:*:*
EPSS
Процентиль: 39%
0.00168
Низкий
7.5 High
CVSS3
Дефекты
CWE-770
Связанные уязвимости
CVSS3: 7.5
debian
почти 2 года назад
An issue was discovered in Zammad before 6.2.0. Due to lack of rate li ...
CVSS3: 7.5
github
почти 2 года назад
An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause Denial Of Service (generation of many emails, which would also spam the victim).
EPSS
Процентиль: 39%
0.00168
Низкий
7.5 High
CVSS3
Дефекты
CWE-770