CVE-2023-48268

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-48268

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-48268.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-48268

Aliases

GHSA-j4c3-3h73-74m9

Related

CGA-qmp2-gfv6-5r4m

Published

2023-11-27T10:15:08.217Z

Modified

2026-02-19T01:41:56.352450Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb).

References

https://mattermost.com/security-updates

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type: GIT
Repo: https://github.com/mattermost/mattermost-server
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

b69ff7d1038609a4a29a7db104679d21da10ad09

Introduced

90f502dc2dc80ee25cfb7d7bc3e743b53564a5a7

Last affected

4fe1024a51f22f239c19c33838dbdcf7589b7b94

Introduced

987e843629fe3f11861fda23ceb66884f5973ef1

Last affected

77f094c7ee8c7a00be01c2df72f948a62c690b66

Affected versions

@mattermost/client@9.*

@mattermost/client@9.0.0

@mattermost/types@9.*

@mattermost/types@9.0.0

v9.*

v9.0.0

v9.0.0-rc2

v9.0.1

v9.0.1-rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-48268.json"