CVE-2023-49809
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and make it crash. After a few repetitions, the plugin is disabled.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mattermost | Mattermost | 0 <= 8.1.5 | affected |
| Mattermost | Mattermost | 8.1.6 | unaffected |
| Mattermost | Mattermost | 9.2.0 | unaffected |
Weaknesses
- CWE-400: CWE-400: Uncontrolled Resource Consumption
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.