Mattermost version 7.0.x and earlier fails to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific system configurations, resulting in server-side Denial of Service.
References
Link | Resource |
---|---|
https://hackerone.com/reports/1549513 | Permissions Required |
https://mattermost.com/security-updates/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mattermost
Published: 2022-09-09T14:39:51
Updated: 2022-09-09T14:39:51
Reserved: 2022-09-07T00:00:00
Link: CVE-2022-3147
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-09T15:15:15.010
Modified: 2023-07-21T19:27:10.613
Link: CVE-2022-3147
JSON object: View
Redhat Information
No data.