CVE-2018-21258Injection in Mattermost Mattermost-server

CWE-74InjectionCWE-400Uncontrolled Resource Consumption5 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 34.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Github.com Mattermost Mattermost-serverGithub.com Mattermost Mattermost-server V5Mattermost Server
Timeline
PublishedJun 19
Latest updateNov 25

Description

An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

🔴Vulnerability Details

4
OSV
Mattermost Server is vulnerable to a Denial of Service attack through `invite_people` command in github.com/mattermost/mattermost-server2025-11-25
GHSA
Mattermost Server is vulnerable to a Denial of Service attack through `invite_people` command2022-05-24
OSV
Mattermost Server is vulnerable to a Denial of Service attack through `invite_people` command2022-05-24
CVEList
CVE-2018-21258: An issue was discovered in Mattermost Server before 52020-06-19
CVE-2018-21258 — Injection | cvebase