CVE-2023-5196

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Sep 29, 2023

Updated: Oct 3, 2023

CWE ID 400

Summary

CVE-2023-5196 is a vulnerability affecting Mattermost, an open-source team communication platform. The issue arises from the application's failure to enforce character limits in all notification properties. An attacker can exploit this by sending excessively long values for a notification_prop, causing the server to consume excessive computing resources. This can lead to temporary unavailability of the Mattermost server for its users.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mattermost Mattermost
Mattermost

Affected Vendors

Mattermost, Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/suQ-Sr
https://www.cve.org/CVERecord?id=CVE-2023-5196
https://nvd.nist.gov/vuln/detail/CVE-2023-5196

Back to Vulnerability Database