Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qNGMzLTNoNzMtNzRtOc4AA3Xj
Mattermost Uncontrolled Resource Consumption vulnerability
Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb).
Permalink: https://github.com/advisories/GHSA-j4c3-3h73-74m9JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qNGMzLTNoNzMtNzRtOc4AA3Xj
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 5 months ago
Updated: 5 months ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Identifiers: GHSA-j4c3-3h73-74m9, CVE-2023-48268
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-48268
- https://mattermost.com/security-updates
- https://github.com/advisories/GHSA-j4c3-3h73-74m9
Affected Packages
go:github.com/mattermost/mattermost-server/v6
Dependent packages: 111Dependent repositories: 168
Downloads:
Affected Version Ranges: < 7.8.13
Fixed in: 7.8.13
All affected versions: 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.5.0, 6.5.1, 6.5.2, 6.6.0, 6.6.1, 6.6.2, 6.7.0, 6.7.1, 6.7.2
All unaffected versions:
go:github.com/mattermost/mattermost/server/v8
Dependent packages: 2Dependent repositories: 1
Downloads:
Affected Version Ranges: < 8.1.4, >= 9.0.0, < 9.0.2, >= 9.1.0, < 9.1.1
Fixed in: 8.1.4, 9.0.2, 9.1.1
All affected versions:
All unaffected versions: