First published: Mon Oct 09 2023(Updated: )
Mattermost fails to enforce a limit on the size of cache entries for OpenGraph data, allowing an attacker to send a specially crafted request to /api/v4/opengraph that fills the cache and makes the server unavailable.
Credit: responsibledisclosure@mattermost.com
Affected Software | Affected Version | How to fix
---|---|---
Mattermost Server | <7.8.11 | Update to 7.8.11 or later
Mattermost Server | >=8.0.0, <8.0.3 | Update to 8.0.3 or later
Mattermost Server | >=8.1.0, <8.1.2 | Update to 8.1.2 or later
Update Mattermost Server to versions 7.8.11, 8.0.3, 8.1.2 or higher.
The vulnerability ID for this Mattermost vulnerability is CVE-2023-5330.
The title of this Mattermost vulnerability is "Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to turn the server unavailable."
The severity rating of the vulnerability CVE-2023-5330 is high.
Mattermost Server versions before 7.8.11, 8.0.0 up to but not including 8.0.3, and 8.1.0 up to but not including 8.1.2 are affected by this vulnerability.
An attacker can exploit CVE-2023-5330 by sending a specially crafted request to the /api/v4/opengraph endpoint; because the size of cached OpenGraph entries is not limited, such requests fill the cache and make the server unavailable (a denial of service).
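The failure mode in this advisory is a cache that accepts entries of any size. The Go program below is an added illustration written for this page, not Mattermost's code: the BoundedCache type, ReadCapped, Simulate and the example.invalid URLs are all constructed here. It contrasts the bytes an uncapped store would retain with a cache that enforces a per-entry cap and a total cap with FIFO eviction, and it shows ReadCapped, which caps an upstream response body before anything is parsed or cached. Go is used because Mattermost Server is written in Go.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
)

// ErrTooLarge is returned when a fetched body or a cache entry exceeds its cap.
var ErrTooLarge = errors.New("entry exceeds configured size limit")

// BoundedCache is the hardened design: a per-entry byte cap, a total byte cap and
// FIFO eviction, so the footprint can never exceed maxTotal. Locking is left out
// to keep the model short; a real cache wraps Put, Bytes and Len in a sync.Mutex.
type BoundedCache struct {
	maxEntry int
	maxTotal int
	items    map[string][]byte
	order    []string // insertion order, oldest first
	total    int
}

func NewBoundedCache(maxEntry, maxTotal int) *BoundedCache {
	return &BoundedCache{maxEntry: maxEntry, maxTotal: maxTotal, items: make(map[string][]byte)}
}

// drop removes key (if present) from items and order and fixes the byte total.
func (c *BoundedCache) drop(key string) {
	c.total -= len(c.items[key]) // a missing key has len 0
	delete(c.items, key)
	for i, k := range c.order {
		if k == key {
			c.order = append(c.order[:i], c.order[i+1:]...)
			return
		}
	}
}

// Put refuses oversized entries and evicts the oldest ones until data fits.
func (c *BoundedCache) Put(key string, data []byte) error {
	if len(data) > c.maxEntry {
		return ErrTooLarge // the per-entry check this advisory says was missing
	}
	c.drop(key) // replacing an existing key: discard the old copy first
	for c.total+len(data) > c.maxTotal && len(c.order) > 0 {
		c.drop(c.order[0]) // FIFO eviction
	}
	c.items[key] = data
	c.order = append(c.order, key)
	c.total += len(data)
	return nil
}

// Bytes reports the total size of all cached entries.
func (c *BoundedCache) Bytes() int { return c.total }

// Len reports the number of cached entries.
func (c *BoundedCache) Len() int { return len(c.items) }

// ReadCapped reads at most limit bytes from an upstream response body and fails
// if the body is larger, so an oversized page is rejected before it is parsed or
// cached. Reading limit+1 bytes through io.LimitReader is what detects overflow.
func ReadCapped(r io.Reader, limit int) ([]byte, error) {
	data, err := io.ReadAll(io.LimitReader(r, int64(limit)+1))
	if err != nil {
		return nil, err
	}
	if len(data) > limit {
		return nil, ErrTooLarge
	}
	return data, nil
}

// Simulate feeds n distinct constructed responses of payloadLen bytes into the
// bounded cache and returns its footprint, the number of entries it refused, and
// for contrast the bytes an uncapped store (the vulnerable design) would retain.
func Simulate(n, payloadLen, maxEntry, maxTotal int) (boundedBytes, rejected, uncappedBytes int) {
	b := NewBoundedCache(maxEntry, maxTotal)
	payload := bytes.Repeat([]byte("A"), payloadLen) // constructed stand-in for a fetched page
	for i := 0; i < n; i++ {
		key := fmt.Sprintf("https://example.invalid/page/%d", i) // hypothetical URLs
		if err := b.Put(key, payload); err != nil {
			rejected++
		}
		uncappedBytes += len(payload) // an uncapped store keeps every byte it is handed
	}
	return b.Bytes(), rejected, uncappedBytes
}

func main() {
	bb, rej, unc := Simulate(1000, 64<<10, 16<<10, 1<<20) // 1000 pages of 64 KiB each
	fmt.Printf("bounded=%d bytes rejected=%d uncapped=%d bytes\n", bb, rej, unc)
}
```

With 1000 constructed 64 KiB pages the uncapped design retains 64 MB while the bounded cache stores nothing and refuses every entry; with 4 KiB pages it plateaus at the 1 MiB total cap and evicts the oldest entries. The per-entry cap in Put is the check this advisory describes as missing; ReadCapped is where a fetcher applies the same limit, so a crafted request cannot make the server buffer an arbitrarily large upstream response in the first place.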