CVE-2023-48268 – github.com/mattermost/mattermost-server/v6
Package
Manager: go
Name: github.com/mattermost/mattermost-server/v6
Vulnerable Version: >=0 <7.8.13
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS: 0.00087 (percentile: 0.25944)
Details
Mattermost Uncontrolled Resource Consumption vulnerability
Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards, allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb).
Metadata
Created: 2023-11-27T12:30:54Z
Modified: 2023-11-28T20:47:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-j4c3-3h73-74m9/GHSA-j4c3-3h73-74m9.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-j4c3-3h73-74m9
Finding: F067
Auto approve: 1