5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.9 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
18.1%
The version of Mattermost Server running on the remote host is prior to 7.8.12, 8.0.x prior to 8.0.3, 8.1.x prior to 8.1.3 or 9.0.0. It is, therefore, affected by multiple vulnerabilities:
Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin (CVE-2023-5967)
Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. (CVE-2023-5968)
Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items. (CVE-2023-5969)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(185731);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/16");
script_cve_id("CVE-2023-5967", "CVE-2023-5968", "CVE-2023-5969");
script_xref(name:"IAVA", value:"2023-A-0613-S");
script_name(english:"Mattermost Server < 7.8.12 / 8.0.x < 8.0.4 / 8.1.x < 8.1.3 / 9.0.0 Multiple Vulnerabilities (MMSA-2023-00240) (MMSA-2023-00242) (MMSA-2023-00246)");
script_set_attribute(attribute:"synopsis", value:
"A web application running on the remote server is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Mattermost Server running on the remote host is prior to 7.8.12, 8.0.x prior to 8.0.3, 8.1.x prior to
8.1.3 or 9.0.0. It is, therefore, affected by multiple vulnerabilities:
- Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request
without a User Agent header to cause a panic and crash the Calls plugin (CVE-2023-5967)
- Mattermost fails to properly sanitize the user object when updating the username, resulting in the password
hash being included in the response body. (CVE-2023-5968)
- Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker,
sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large
items. (CVE-2023-5969)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://mattermost.com/security-updates/");
script_set_attribute(attribute:"solution", value:
"Upgrade to Mattermost Server version 7.8.12, 8.0.4, 8.1.3, 9.0.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:M/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-5968");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/11/06");
script_set_attribute(attribute:"patch_publication_date", value:"2023/10/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/15");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mattermost:mattermost_server");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("mattermost_server_detect.nbin");
script_require_keys("installed_sw/Mattermost Server");
script_require_ports("Services/www", 80, 443);
exit(0);
}
include('vcf.inc');
include('http.inc');
var port = get_http_port(default:80);
var app_info = vcf::get_app_info(app:'Mattermost Server', port:port, webapp:TRUE);
var constraints = [
{ 'fixed_version' : '7.8.12' },
{ 'min_version' : '8.0', 'fixed_version' : '8.0.4' },
{ 'min_version' : '8.1', 'fixed_version' : '8.1.3' },
{ 'min_version' : '9.0', 'fixed_version' : '9.0.1' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
Vendor | Product | Version | CPE |
---|---|---|---|
mattermost | mattermost_server | cpe:/a:mattermost:mattermost_server |
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.9 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
18.1%