CVE-2023-48268 — Uncontrolled Resource Consumption in Mattermost Mattermost-server V6

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

7.5HIGHNVD

CNA4.3

EPSS

0.1%

top 75.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Mattermost Mattermost-server V6 Github.com Mattermost Mattermost Server V8 Mattermost

Timeline

PublishedNov 27

Description

Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶Gogithub.com/mattermost_mattermost-server_v6< 7.8.13

▶Gogithub.com/mattermost_mattermost_server_v89.1.0 — 9.1.1+2

▶CVEListV5mattermost/mattermost7.8.12+3

▶NVDmattermost/mattermost8.0.0 — 8.1.3+3

🔴Vulnerability Details

GHSA

Mattermost Uncontrolled Resource Consumption vulnerability↗2023-11-27

▶

OSV

Mattermost Uncontrolled Resource Consumption vulnerability↗2023-11-27

▶

CVEList

Denial of Service via Board Import Zip Bomb↗2023-11-27

▶