CVE-2022-35490

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-35490

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-35490.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-35490

Published

2022-08-08T14:15:10Z

Modified

2025-01-08T08:56:32.041155Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a prevention against brute-force attacks trying to guess login credentials. After a configurable amount of attempts, users are invalidated and logins prevented. An attacker might work around this prevention, enabling them to send more than the configured amount of requests before the user invalidation takes place.

References

https://zammad.com/de/advisories/zaa-2022-07

Affected packages

Git / github.com/zammad/zammad

Affected ranges

Type: GIT
Repo: https://github.com/zammad/zammad
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

29bf395d540985d2c78137c50ef48c975398af93

Last affected

f8786f822c666dc2ca9e54d78e24c00963f617b6

Affected versions

1.*

1.6.0

1.6.1

2.*

2.10.0

3.*

3.7.0

5.*

5.2.0

5.2.0-alpha