Lucene search

[email protected]CVE-2023-5333

HistoryOct 09, 2023 - 11:15 a.m.

CVE-2023-5333

2023-10-0911:15:11

NVD-CWE-noinfo

CWE-400

[email protected]

web.nvd.nist.gov

mattermost

cve-2023-5333

input id deduplication

resource consumption

security vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

12.5%

JSON

Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs.

CPENameOperatorVersion
mattermost:mattermost_servermattermost mattermost serverlt7.8.11
mattermost:mattermost_servermattermost mattermost servereq3.7.2
mattermost:mattermost_servermattermost mattermost servereq5.14.3
mattermost:mattermost_servermattermost mattermost servereq7.8.3
mattermost:mattermost_servermattermost mattermost servereq4.8.0
mattermost:mattermost_servermattermost mattermost servereq4.4.3
mattermost:mattermost_servermattermost mattermost servereq5.25.0
mattermost:mattermost_servermattermost mattermost servereq5.22.3
mattermost:mattermost_servermattermost mattermost servereq5.26.2
mattermost:mattermost_servermattermost mattermost servereq5.29.0

CPE	Name	Operator	Version
mattermost:mattermost_server	mattermost mattermost server	lt	7.8.11
mattermost:mattermost_server	mattermost mattermost server	eq	3.7.2
mattermost:mattermost_server	mattermost mattermost server	eq	5.14.3
mattermost:mattermost_server	mattermost mattermost server	eq	7.8.3
mattermost:mattermost_server	mattermost mattermost server	eq	4.8.0
mattermost:mattermost_server	mattermost mattermost server	eq	4.4.3
mattermost:mattermost_server	mattermost mattermost server	eq	5.25.0
mattermost:mattermost_server	mattermost mattermost server	eq	5.22.3
mattermost:mattermost_server	mattermost mattermost server	eq	5.26.2
mattermost:mattermost_server	mattermost mattermost server	eq	5.29.0

Rows per page:

1-10 of 3541

References

mattermost.com/security-updates

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

12.5%

JSON

Related for CVE-2023-5333

osv2 cvelist1 prion1 veracode1