Veracode Vulnerability DatabaseVERACODE:41049Denial Of Service (DoS)
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
0.0005 Low
EPSS
Percentile
17.4%
github.com/mattermost/mattermost-server is vulnerable to Denial Of Service (DoS). The vulnerability exists because the library fails to properly truncate the Postgres error log message of a search query failure, allowing an attacker to crash the application by repeatedly providing maliciously crafted search query.
References
github.com/advisories/GHSA-8345-jr9c-vhph
github.com/mattermost/mattermost/commit/59721455721d797bf637c88d359d119484efbe85
github.com/mattermost/mattermost/commit/cacc680ec0459a7e535781ea6dab46a889ce0835
github.com/mattermost/mattermost/commit/e472239073c7647b6ba12ece027eb941c1f10ff8
mattermost.com/security-updates
mattermost.com/security-updates/
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
0.0005 Low
EPSS
Percentile
17.4%