Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb).
References
History

Mon, 02 Dec 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2023-11-27T09:07:29.918Z

Updated: 2024-12-02T19:33:50.978Z

Reserved: 2023-11-22T11:18:57.625Z

Link: CVE-2023-48268

cve-icon Vulnrichment

Updated: 2024-08-02T21:23:39.504Z

cve-icon NVD

Status : Modified

Published: 2023-11-27T10:15:08.217

Modified: 2024-11-21T08:31:22.667

Link: CVE-2023-48268

cve-icon Redhat

No data.