CVE-2023-48369 — Uncontrolled Resource Consumption in Mattermost Mattermost-server V6

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

5.3MEDIUMNVD

CNA4.3

EPSS

0.1%

top 75.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Mattermost Mattermost-server V6 Github.com Mattermost Mattermost Server V8 Mattermost

Timeline

PublishedNov 27

Description

Mattermost fails to limit the log size of server logs allowing an attacker sending specially crafted requests to different endpoints to potentially overflow the log.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶Gogithub.com/mattermost_mattermost-server_v6< 7.8.13

▶Gogithub.com/mattermost_mattermost_server_v89.1.0 — 9.1.1+2

▶CVEListV5mattermost/mattermost7.8.12+3

▶NVDmattermost/mattermost8.0.0 — 8.1.3+3

🔴Vulnerability Details

GHSA

Mattermost Uncontrolled Resource Consumption vulnerability↗2023-11-27

▶

OSV

Mattermost Uncontrolled Resource Consumption vulnerability↗2023-11-27

▶

CVEList

Log Flooding due to specially crafted requests in different endpoints↗2023-11-27

▶