Lucene search

GitHub Advisory DatabaseGHSA-5JPH-WRQ7-V9HF

HistoryNov 23, 2022 - 6:30 a.m.

Denial of service in Mattermost

2022-11-2306:30:24

CWE-770

GitHub Advisory Database

github.com

mattermost

denial-of-service

vulnerability

autoresponder

server

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

34.1%

JSON

A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages.

Affected configurations

Vulners

Node

github.com\/mattermost\/mattermostserverRange<7.3.1

github.com\/mattermost\/mattermostserverRange<7.2.1

github.com\/mattermost\/mattermostserverRange<7.1.4

CPENameOperatorVersion
github.com/mattermost/mattermost-serverlt7.3.1
github.com/mattermost/mattermost-serverlt7.2.1
github.com/mattermost/mattermost-serverlt7.1.4

Name	Operator	Version
github.com/mattermost/mattermost-server	lt	7.3.1
github.com/mattermost/mattermost-server	lt	7.2.1
github.com/mattermost/mattermost-server	lt	7.1.4

References

github.com/advisories/GHSA-5jph-wrq7-v9hf

hackerone.com/reports/1680241

mattermost.com/security-updates/

nvd.nist.gov/vuln/detail/CVE-2022-4044

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

34.1%

JSON

Related for GHSA-5JPH-WRQ7-V9HF