Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zNDg3LTNqN2MtN2d3as4AA3XX
Mattermost Uncontrolled Resource Consumption vulnerability
Mattermost fails to limit the log size of server logs allowing an attacker sending specially crafted requests to different endpoints to potentially overflow the log.
Permalink: https://github.com/advisories/GHSA-3487-3j7c-7gwjJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zNDg3LTNqN2MtN2d3as4AA3XX
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 5 months ago
Updated: 5 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Identifiers: GHSA-3487-3j7c-7gwj, CVE-2023-48369
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-48369
- https://mattermost.com/security-updates
- https://github.com/advisories/GHSA-3487-3j7c-7gwj
Affected Packages
go:github.com/mattermost/mattermost-server/v6
Dependent packages: 111Dependent repositories: 168
Downloads:
Affected Version Ranges: < 7.8.13
Fixed in: 7.8.13
All affected versions: 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.5.0, 6.5.1, 6.5.2, 6.6.0, 6.6.1, 6.6.2, 6.7.0, 6.7.1, 6.7.2
All unaffected versions:
go:github.com/mattermost/mattermost/server/v8
Dependent packages: 2Dependent repositories: 1
Downloads:
Affected Version Ranges: < 8.1.4, >= 9.0.0, < 9.0.2, >= 9.1.0, < 9.1.1
Fixed in: 8.1.4, 9.0.2, 9.1.1
All affected versions:
All unaffected versions: