CVE-2023-48268

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-48268

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-48268.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-48268

Aliases

GHSA-j4c3-3h73-74m9

Related

CGA-qmp2-gfv6-5r4m

Published

2023-11-27T10:15:08.217Z

Modified

2026-04-10T05:04:41.382136Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb).

References

https://mattermost.com/security-updates

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type

GIT

Repo

https://github.com/mattermost/mattermost-server

Events

Introduced

Last affected

b69ff7d1038609a4a29a7db104679d21da10ad09

Introduced

90f502dc2dc80ee25cfb7d7bc3e743b53564a5a7

Last affected

4fe1024a51f22f239c19c33838dbdcf7589b7b94

Introduced

987e843629fe3f11861fda23ceb66884f5973ef1

Last affected

77f094c7ee8c7a00be01c2df72f948a62c690b66

Introduced

Last affected

5934ff113becf755beb978cc7bd1ba6564cbbdd6

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.8.12"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.1.3"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "last_affected": "9.0.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.1.0"
        }
    ]
}

Affected versions

@mattermost/client@8.*

@mattermost/client@8.1.1

@mattermost/client@9.*

@mattermost/client@9.0.0

@mattermost/client@9.1.0

@mattermost/types@8.*

@mattermost/types@8.1.1

@mattermost/types@9.*

@mattermost/types@9.0.0

@mattermost/types@9.1.0

Other

cloud-2022-07-20-1

cloud-2022-08-10-1

cloud-2022-09-08-1

cloud-2022-10-06-1

cloud-2022-11-11-1

cloud-2022-11-24-1

cloud-2023-01-26-1

cloud-2023-07-26-1

cloud-2023-09-26-1

server/public/v0.*

server/public/v0.0.5

server/public/v0.0.6

server/public/v0.0.7

server/public/v0.0.8

server/public/v0.0.9

v0.*

v0.5.0

v4.*

v4.10.0-rc1

v4.2.0-rc1

v4.3.0-rc1

v4.4.0-rc1

v4.5.0-rc1

v4.6.0-rc1

v4.6.0-rc2

v4.7.0-rc1

v4.8.0-rc1

v4.9.0-rc1

v5.*

v5.0.0-rc1

v5.1.0-rc1

v5.2.0-rc1

v5.2.0-rc2

v7.*

v7.8.0

v7.8.1

v7.8.10

v7.8.10-rc3

v7.8.10-rc4

v7.8.10-rc5

v7.8.11

v7.8.11-rc1

v7.8.12

v7.8.12-rc1

v7.8.12-rc2

v7.8.2

v7.8.3

v7.8.4

v7.8.5

v7.8.6

v7.8.7

v7.8.8

v7.8.9

v8.*

v8.1.0

v8.1.0-rc2

v8.1.1

v8.1.1-rc1

v8.1.1-rc2

v8.1.2

v8.1.2-rc1

v8.1.2-rc2

v8.1.3

v8.1.3-rc1

v8.1.3-rc2

v9.*

v9.0.0

v9.0.0-rc2

v9.0.1

v9.0.1-rc1

v9.1.0

v9.1.0-rc1

v9.1.0-rc2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-48268.json"