CVE-2023-49809Uncontrolled Resource Consumption in Mattermost

CWE-400Uncontrolled Resource Consumption3 documents3 sources
Severity
6.5MEDIUMNVD
CNA4.3
EPSS
0.1%
top 67.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MattermostMattermost Server
Timeline
PublishedDec 12

Description

Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and make it crash. After a few repetitions, the plugin is disabled.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5mattermost/mattermost8.1.5
NVDmattermost/mattermost_server9.0.09.1.0+1

🔴Vulnerability Details

2
CVEList
Todo plugin gets crashed and disabled by member2023-12-12
GHSA
GHSA-478w-7mxw-36gh: Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoin2023-12-12
CVE-2023-49809 — Uncontrolled Resource Consumption | cvebase