CVE-2023-48268
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mattermost | Mattermost | 0 <= 7.8.12 | affected |
| Mattermost | Mattermost | 0 <= 8.1.3 | affected |
| Mattermost | Mattermost | 0 <= 9.0.1 | affected |
| Mattermost | Mattermost | 0 <= 9.1.0 | affected |
| Mattermost | Mattermost | 9.1.1 | unaffected |
| Mattermost | Mattermost | 9.0.2 | unaffected |
| Mattermost | Mattermost | 7.8.13 | unaffected |
| Mattermost | Mattermost | 8.1.4 | unaffected |
Weaknesses
- CWE-400: CWE-400: Uncontrolled Resource Consumption
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.