Lucene search
MattermostCVELIST:CVE-2023-5330HistoryOct 09, 2023 - 10:38 a.m.
CVE-2023-5330 Denial of Service via Opengraph Data Cache
2023-10-0910:38:39
CWE-400
Mattermost
www.cve.org
mattermost
cache
vulnerability
opengraph
dos
security
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
0.0005 Low
EPSS
Percentile
17.1%
Mattermost fails toย enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "7.8.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "7.8.11"
},
{
"status": "unaffected",
"version": "8.0.3"
},
{
"status": "unaffected",
"version": "8.1.2"
}
]
}
]References
Related
cve
cve
CVE-2023-5330
2023-10-09 11:15:11
prion
prion
Design/Logic Flaw
2023-10-09 11:15:00
veracode
veracode
Denial Of Service Attack
2023-10-26 07:25:30
osv
osv
BIT-mattermost-2023-5330
2024-03-06 10:57:35
CVE-2023-5330
2023-10-09 11:15:11
nvd
nvd
CVE-2023-5330
2023-10-09 11:15:11
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
0.0005 Low
EPSS
Percentile
17.1%
Related for CVELIST:CVE-2023-5330