Lucene search

K
githubGitHub Advisory DatabaseGHSA-869F-PX86-VJ84
HistoryAug 23, 2024 - 9:30 a.m.

Mattermost Plugin Channel Export excessive resource consumption

2024-08-2309:30:35
CWE-400
GitHub Advisory Database
github.com
3
mattermost
plugin
channel export
vulnerability
resource consumption

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

6.8

Confidence

High

EPSS

0

Percentile

9.5%

Mattermost Plugin Channel Export versions <=1.0.0 fail to restrict concurrent runs of the /export command which allows a user to consume excessive resource by running the /export command multiple times at once.

Affected configurations

Vulners
Node
mattermostmattermost-plugin-channel-exportRange<1.0.1
VendorProductVersionCPE
mattermostmattermost-plugin-channel-export*cpe:2.3:a:mattermost:mattermost-plugin-channel-export:*:*:*:*:*:*:*:*

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

6.8

Confidence

High

EPSS

0

Percentile

9.5%

Related for GHSA-869F-PX86-VJ84