Lucene search

Veracode Vulnerability DatabaseVERACODE:46027

HistoryMar 27, 2024 - 6:37 a.m.

Denial Of Service (DOS)

2024-03-2706:37:29

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

mattermost

software vulnerability

@-mentions

authenticated attacker

client applications

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

6.5

Confidence

High

EPSS

Percentile

9.0%

JSON

github.com/mattermost/mattermost-server is vulnerable to a Denial of Service. The vulnerability is due to missing limits on the number of @-mentions processed per message, allowing an authenticated attacker to crash the client applications of other users via large, crafted messages.

References

mattermost.com/security-updates/#:~:text=Mattermost%20Server-,MMSA%2D2024%2D00296,-Medium

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

6.5

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for VERACODE:46027