CVE-2023-45847

Summary

Mattermost fails to to check the length when setting the title in a run checklist in Playbooks, allowing an attacker to send a specially crafted request and crash the Playbooks plugin

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 8.1.5affected
MattermostMattermost0 <= 9.0.3affected
MattermostMattermost0 <= 9.1.2affected
MattermostMattermost0 <= 9.2.1affected
MattermostMattermost9.2.2unaffected
MattermostMattermost8.1.6unaffected
MattermostMattermost9.0.4unaffected
MattermostMattermost9.1.3unaffected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References