CVSS3: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
AI Score: 6.8 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.1%)
Mattermost Server is vulnerable to Improper Check for Unusual or Exceptional Conditions. The vulnerability is caused by inadequate validation of custom status values in the user properties within user.go. This allows an attacker to crash users' web clients by submitting malformed custom status values.
github.com/advisories/GHSA-8f99-g2pj-x8w3
github.com/mattermost/mattermost/commit/41333a0babf565453d89287549bec1e546e75ce7
github.com/mattermost/mattermost/commit/6cbab0f7ece104681f73dd12c75d9f22d567125e
github.com/mattermost/mattermost/commit/a99dadd80c57d376185ca06f8f70919a6f135bc6
github.com/mattermost/mattermost/commit/f84f8ed65f6a5faba974426424b684635455a527