An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the “email address verification” feature, an attacker could send many requests for a known address to cause Denial Of Service (generation of many emails, which would also spam the victim).
CPE | Name | Operator | Version |
---|---|---|---|
zammad | eq | 6.1.0 alpha | |
zammad | eq | 6.1.0 | |
zammad | eq | 6.2.0 alpha |