CVE-2023-48369

Log Flooding due to specially crafted requests in different endpoints

CVSS 4.3 MEDIUM · EPSS 0.6% · CWE-400
Vexday Risk Score
13 (Low)
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3 · EPSS 0.6% · KEV no · PoC · Nuclei · Metasploit · Patch
Lifecycle
27 Nov 2023: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Mattermost fails to limit the log size of server logs, allowing an attacker who sends specially crafted requests to different endpoints to potentially overflow the log.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Affected products
Mattermost · Mattermost
