CVE-2023-48268

Denial of Service via Board Import Zip Bomb

CVSS 4.3 MEDIUMEPSS 0.7%CWE-400

Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb).

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Produtos afetados

Mattermost · Mattermost

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://mattermost.com/security-updates