CVE-2023-50455: 
NixOS vulnerability analysis and mitigation

An issue was discovered in Zammad before version 6.2.0 related to the 'email address verification' feature. The vulnerability was disclosed on December 10, 2023, and assigned identifier CVE-2023-50455. The affected component is the email verification system in Zammad installations prior to version 6.2.0 (NVD, Vendor Advisory).

The vulnerability stems from a lack of rate limiting in the email address verification feature. This security flaw has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified under CWE-770 (Allocation of Resources Without Limits or Throttling) (NVD).

If exploited, this vulnerability allows an attacker to cause a Denial of Service (DoS) condition by generating numerous emails through repeated requests to the email verification feature. This not only impacts system resources but also results in spam emails being sent to the victim's address (Vendor Advisory).

The vulnerability has been fixed in Zammad version 6.2.0. Users are strongly recommended to upgrade to this version or later. The fix can be obtained through the official Zammad website, FTP server, or through the OS package manager (Vendor Advisory).