CVE-2023-49809

Summary

Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and make it crash. After a few repetitions, the plugin is disabled. 

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 8.1.5affected
MattermostMattermost8.1.6unaffected
MattermostMattermost9.2.0unaffected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

References