Veracode Vulnerability DatabaseVERACODE:46674Denial Of Service (DoS)
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
github.com/mattermost/mattermost-server is vulnerable to Denial Of Service. The vulnerability is due to a lack of session limit enforcement, enabling an authenticated attacker to crash the server by flooding the sessions table through repeated requests to the getSessions API.
References
github.com/advisories/GHSA-wj37-mpq9-xrcm
github.com/mattermost/mattermost/commit/86920d641760552c5aafa5e1d14c93bd30039bc4
github.com/mattermost/mattermost/commit/9d81eee979aee93374bff8ba6714d805e12ffb03
github.com/mattermost/mattermost/commit/b45c3dac4c160992a1ce757ade968e8f5ec506c1
github.com/mattermost/mattermost/commit/bc699e6789cf3ba1544235087897699aaa639e7d
mattermost.com/security-updates/
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%