CVE-2023-5967 — Improper Check for Unusual or Exceptional Conditions in Mattermost Mattermost-server V6

CWE-754 — Improper Check for Unusual or Exceptional Conditions4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 72.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Mattermost Mattermost-server V6 Github.com Mattermost Mattermost Server V8 Mattermost

Timeline

PublishedNov 6

Description

Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶Gogithub.com/mattermost_mattermost-server_v6< 7.8.12

▶Gogithub.com/mattermost_mattermost_server_v88.0.0 — 8.0.4+2

▶CVEListV5mattermost/mattermost8.1.2+2

▶NVDmattermost/mattermost8.0.0 — 8.0.3+2

🔴Vulnerability Details

CVEList

Denial of Service via crashing the Calls Plugin↗2023-11-06

▶

GHSA

Mattermost denial of service vulnerability↗2023-11-06

▶

OSV

Mattermost denial of service vulnerability↗2023-11-06

▶