History: Oct 17, 2023 - 9:41 a.m.

CVE-2023-5522 Mobile app freezes when receiving a post with hundreds of emojis

2023-10-17 09:41:14
CWE-400
Mattermost
www.cve.org
cve-2023-5522
mattermost mobile
markdown elements
attacker
channel
freeze

CVSS3: 4.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score: 4.9 Medium (Confidence: High)

EPSS: 0.0005 Low (Percentile: 17.0%)

Mattermost Mobile fails to limit the maximum number of Markdown elements in a post, allowing an attacker to send a post with hundreds of emojis to a channel and freeze the mobile app of users when viewing that particular channel.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThan": "2.8.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "2.8.0"
      }
    ]
  }
]
