CVE-2022-29700

{"id": "CVE-2022-29700", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-04-27T03:15:39.693", "references": [{"url": "https://zammad.com/en/advisories/zaa-2022-03", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://zammad.com/en/advisories/zaa-2022-03", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-521"}]}], "descriptions": [{"lang": "en", "value": "A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification."}, {"lang": "es", "value": "Una falta de restricci\u00f3n de la longitud de las contrase\u00f1as en Zammad versi\u00f3n v5.1.0, permite la creaci\u00f3n de contrase\u00f1as extremadamente largas que pueden causar una Denegaci\u00f3n de Servicio (DoS) durante la verificaci\u00f3n de la contrase\u00f1a"}], "lastModified": "2024-11-21T06:59:35.070", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zammad:zammad:5.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A140156-213D-418E-93D5-7286D95DAA92"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}