CVE-2023-5876

CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 69.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mattermost Mattermost Desktop
Timeline
PublishedNov 2
Latest updateApr 7

Description

Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 1.6 | Impact: 1.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-p8hg-mm67-hmp8: Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial2023-11-02
CVEList
Regex DoS from a malicious server enrolled in Desktop2023-11-02

📋Vendor Advisories

1
Chrome
Stable Channel Update for Desktop: CVE-2026-58762026-04-07
CVE-2023-5876 (MEDIUM CVSS 5.3) | Mattermost fails to properly valida | cvebase.io