2 matches found
CVE-2022-35488
In Zammad 5.2.0, an attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad, and thereby send many requests for a known account to cause Denial Of Service by many generated emails which would also spam the victim...
CVE-2022-35488
CVE-2022-35488 affects Zammad 5.2.0. The vulnerability stems from insufficient rate-limiting in the forgot-password flow, allowing an attacker to generate many requests for a known account and trigger mass-email delivery, resulting in Denial of Service and potential user spam. Red Hat and CVE rec...