Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb).
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates |
History
Mon, 02 Dec 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2023-11-27T09:07:29.918Z
Updated: 2024-12-02T19:33:50.978Z
Reserved: 2023-11-22T11:18:57.625Z
Link: CVE-2023-48268
Vulnrichment
Updated: 2024-08-02T21:23:39.504Z
NVD
Status : Modified
Published: 2023-11-27T10:15:08.217
Modified: 2024-11-21T08:31:22.667
Link: CVE-2023-48268
Redhat
No data.