CVE-2023-49809
published 2023-12-12CVE-2023-49809: Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and make it crash. After a few repetitions, the plugin is disabled.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mattermost | mattermost | <= 8.1.5 | — |
| mattermost | mattermost_server | <= 8.1.5 | — |
| mattermost | mattermost_server | 9.0.0 – 9.1.0 | — |