Lucene search
MattermostCVE-2023-5876HistoryNov 02, 2023 - 9:15 a.m.
CVE-2023-5876
2023-11-0209:15:08
CWE-400
Mattermost
web.nvd.nist.gov
35
cve-2023-5876
mattermost
server url
regexp validation
vulnerability
denial of service
dos
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0
Percentile
13.3%
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.
Affected configurations
Node
mattermostmattermost_desktopRange<5.5.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mattermost | mattermost_desktop | * | cpe:2.3:a:mattermost:mattermost_desktop:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Mattermost Desktop",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "5.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.5.1"
}
]
}
]References
Related
vulnrichment
vulnrichment
CVE-2023-5876 Regex DoS from a malicious server enrolled in Desktop
2023-11-02 08:26:01
cvelist
cvelist
CVE-2023-5876 Regex DoS from a malicious server enrolled in Desktop
2023-11-02 08:26:01
nvd
nvd
CVE-2023-5876
2023-11-02 09:15:08
osv
osv
CVE-2023-5876
2023-11-02 09:15:08
prion
prion
Design/Logic Flaw
2023-11-02 09:15:00
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0
Percentile
13.3%
Related for CVE-2023-5876