CVE-2023-5967
published 2023-11-06

CVE-2023-5967: Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and…

Priority: P4 (20), medium, 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.51% (39.6th percentile)
Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker who sends a request without a User Agent header to cause a panic and crash the Calls plugin.

Affected

7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server_v6 | >= 0 < 7.8.12 | 7.8.12 |
| github.com | mattermost_mattermost_server_v8 | >= 8.0.0 < 8.0.4 | 8.0.4 |
| github.com | mattermost_mattermost_server_v8 | >= 8.1.0 < 8.1.3 | 8.1.3 |
| github.com | mattermost_mattermost_server_v8 | >= 9.0.0 < 9.0.1 | 9.0.1 |
| mattermost | mattermost | <= 7.8.11 | |
| mattermost | mattermost | 8.0.0 – 8.0.3 | |
| mattermost | mattermost | 8.1.0 – 8.1.2 | |