CVE-2022-35488 Information

Description

In Zammad 5.2.0 an attacker could manipulate the rate limiting in the ‘forgot password’ feature of Zammad and thereby send many requests for a known account to cause Denial Of Service by many generated emails which would also spam the victim.

Reference

https://zammad.com/de/advisories/zaa-2022-05