CVE-2023-49607Improper Check for Unusual or Exceptional Conditions in Mattermost

CWE-754Improper Check for Unusual or Exceptional Conditions3 documents3 sources
Severity
7.5HIGHNVD
CNA4.3
EPSS
0.1%
top 70.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MattermostMattermost Server
Timeline
PublishedDec 12

Description

Mattermost fails to validate the type of the "reminder" body request parameter allowing an attacker to crash the Playbook Plugin when updating the status dialog.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5mattermost/mattermost8.1.5+3
NVDmattermost/mattermost_server8.0.08.1.5+5

🔴Vulnerability Details

2
GHSA
GHSA-g6qp-9v7f-3wh3: Mattermost fails to validate the type of the "reminder" body request parameter allowing an attacker to crash the Playbook Plugin when updating the sta2023-12-12
CVEList
Playbook plugin crash via missing interface type assertion2023-12-12
CVE-2023-49607 — Mattermost vulnerability | cvebase