PT-2022-19790 · Zammad · Zammad

Published

2022-04-27

Updated

2022-05-05

CVE-2022-29701

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Zammad version 5.1.0

Description A lack of rate limiting in the 'forgot password' feature allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.

Recommendations For Zammad version 5.1.0, consider implementing rate limiting on the 'forgot password' feature to prevent excessive reset requests until a patch is available. As a temporary workaround, restrict access to the 'forgot password' feature to minimize the risk of exploitation.

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

CVE-2022-29701

Affected Products

Zammad

PT-2022-19790 · Zammad · Zammad

CVE-2022-29701

Weakness Enumeration

Related Identifiers

Affected Products

References · 4