CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
Confidence: High
EPSS
Percentile: 17.0%
Mattermost is vulnerable to a denial-of-service attack. The vulnerability is due to a lack of input validation of log size in server logs. This could allow an attacker to send specially crafted requests to different endpoints that cause the log to overflow, ultimately leading to a denial of service.
github.com/mattermost/mattermost/commit/935efe84b5e93f58991a84127638f3eb31d4d045
github.com/mattermost/mattermost/commit/e5193d434b4f56c91c690acaf58175fc865db598
github.com/mattermost/mattermost/commit/eed4a9a86cd9dcda7a921b247ebc771d64b23bb0
github.com/mattermost/mattermost/commit/fde932e95021a381e9f38d9b3657e460e7f30af5
mattermost.com/security-updates