First published: Fri Sep 29 2023(Updated: )
Mattermost fails to enforce character limits in all possible notification props allowing an attacker to send a really long value for a notification_prop resulting in the server consuming an abnormal quantity of computing resources and possibly becoming temporarily unavailable for its users.
Credit: responsibledisclosure@mattermost.com responsibledisclosure@mattermost.com responsibledisclosure@mattermost.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mattermost Mattermost | >=7.0.0<7.8.10 | |
Mattermost Mattermost | >=8.0.0<8.0.2 | |
Mattermost Mattermost | >=8.1.0<8.1.1 | |
go/github.com/mattermost/mattermost-server/v6 | <7.8.10 | 7.8.10 |
go/github.com/mattermost/mattermost/server/v8 | >=8.0.0<8.0.2 | 8.0.2 |
go/github.com/mattermost/mattermost/server/v8 | =8.1.0 | 8.1.1 |
>=7.0.0<7.8.10 | ||
>=8.0.0<8.0.2 | ||
>=8.1.0<8.1.1 |
Update Mattermost Server to versions 7.8.10, 8.0.2, 8.1.1 or higher.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-5196 is a vulnerability in Mattermost that allows an attacker to send a really long value for a notification_prop, causing the server to consume an abnormal quantity of computing resources and possibly become temporarily unavailable.
CVE-2023-5196 can lead to server overload and unavailability, affecting the normal usage of Mattermost by its users.
CVE-2023-5196 has a severity rating of medium with a CVSS score of 6.5.
Mattermost versions up to and including 8.0.2 are affected by CVE-2023-5196.
To fix CVE-2023-5196, upgrade Mattermost to version 8.1.1 or later.