Veracode Vulnerability DatabaseVERACODE:38248Denial Of Service (DOS)
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
19.2%
github.com/mattermost/mattermost-server is vulnerable to Denial Of Service (DOS). The vulnerability exists in user_store.go because it will send multiple requests to one of the api endpoints which could fetch a large amount of data by an authenticated user to crash the server.
References
github.com/advisories/GHSA-v42f-hq78-8c5m
github.com/mattermost/mattermost-server/commit/3341b6c2baaa1dc0981f2b27e4027522066be28c
github.com/mattermost/mattermost-server/commit/64021bf5c4810546cd9a8aa22d263b0365e98d54
github.com/mattermost/mattermost-server/commit/8af1446b88a3af9f114a140e619a4d64fab7e70a
github.com/mattermost/mattermost-server/pull/20900
mattermost.com/security-updates/
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
19.2%