CVE-2021-37863 — Improper Input Validation in Mattermost

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.7MEDIUMNVD

CNA3.5

EPSS

0.6%

top 31.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mattermost Mattermost Server

Timeline

PublishedDec 17

Latest updateDec 18

Description

Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:HExploitability: 2.1 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5mattermost/mattermostunspecified — 6.0

▶NVDmattermost/mattermost_server6.0

🔴Vulnerability Details

GHSA

GHSA-7523-wx28-g6xf: Mattermost 6↗2021-12-18

▶

CVEList

CVE-2021-37863: Mattermost 6↗2021-12-17

▶