CVE-2023-3585Uncontrolled Resource Consumption in Server

CWE-400Uncontrolled Resource Consumption3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 61.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mattermost ServerMattermost
Timeline
PublishedJul 17

Description

Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDmattermost/mattermost_server7.9.07.9.5+2
CVEListV5mattermost/mattermost7.8.6+2

🔴Vulnerability Details

2
CVEList
channel DoS by sharing a boards link2023-07-17
GHSA
GHSA-hx65-c266-87h8: Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link2023-07-17
CVE-2023-3585 — Uncontrolled Resource Consumption | cvebase