Page 15 of 75 results (0.009 seconds)

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-48369 – Log Flooding due to specially crafted requests in different endpoints

https://notcve.org/view.php?id=CVE-2023-48369

Mattermost fails to limit the log size of server logs allowing an attacker sending specially crafted requests to different endpoints to potentially overflow the log. Mattermost no logra limitar el tamaño de los registros del servidor, lo que permite que un atacante envíe solicitudes especialmente manipuladas a diferentes endpoint para potencialmente desbordar el registro. • https://mattermost.com/security-updates • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-40703 – Denial of Service via specially crafted block fields in Mattermost Boards

https://notcve.org/view.php?id=CVE-2023-40703

Mattermost fails to properly limit the characters allowed in different fields of a block in Mattermost Boards allowing a attacker to consume excessive resources, possibly leading to Denial of Service, by patching the field of a block using a specially crafted string. Mattermost no logra limitar adecuadamente los caracteres permitidos en diferentes campos de un bloque en Mattermost Boards, lo que permite a un atacante consumir recursos excesivos, lo que posiblemente lleve a una Denegación de Servicio, al parchear el campo de un bloque usando una cadena especialmente manipulada. • https://mattermost.com/security-updates • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-48268 – Denial of Service via Board Import Zip Bomb

https://notcve.org/view.php?id=CVE-2023-48268

Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb). Mattermost no limita la cantidad de datos extraídos de archivos comprimidos durante la importación de tableros en Mattermost Boards, lo que permite a un atacante consumir recursos excesivos, lo que posiblemente lleve a una denegación de servicio, al importar un tablero usando un zip (bomba zip) especialmente manipulado. • https://mattermost.com/security-updates • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-5969 – Denial of Service via Link Preview in /api/v4/redirect_location

https://notcve.org/view.php?id=CVE-2023-5969

Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items. Mattermost no puede sanitizar adecuadamente la solicitud a /api/v4/redirect_location, lo que permite que un atacante envíe una solicitud especialmente manipulada a /api/v4/redirect_location para llenar la memoria debido al almacenamiento en caché de elementos grandes. • https://mattermost.com/security-updates • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-5968 – Password hash in response body after username update

https://notcve.org/view.php?id=CVE-2023-5968

Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. Mattermost no sanitiza adecuadamente el objeto de usuario al actualizar el nombre de usuario, lo que hace que el hash de la contraseña se incluya en el cuerpo de la respuesta. • https://mattermost.com/security-updates • CWE-116: Improper Encoding or Escaping of Output CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •