CVE-2023-48268

Summary

Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb).

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 7.8.12affected
MattermostMattermost0 <= 8.1.3affected
MattermostMattermost0 <= 9.0.1affected
MattermostMattermost0 <= 9.1.0affected
MattermostMattermost9.1.1unaffected
MattermostMattermost9.0.2unaffected
MattermostMattermost7.8.13unaffected
MattermostMattermost8.1.4unaffected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References