CVE-2023-3585 - OpenCVE

Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Mattermost	Mattermost Server

Configuration 1 [-]

OR	cpe:2.3:a:mattermost:mattermost_server::::::::
	cpe:2.3:a:mattermost:mattermost_server::::::::
	cpe:2.3:a:mattermost:mattermost_server::::::::

References

Link	Resource
https://mattermost.com/security-updates	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Mattermost

Published: 2023-07-17T15:24:20.975Z

Updated: 2023-07-17T15:24:20.975Z

Reserved: 2023-07-10T13:44:28.891Z

Link: CVE-2023-3585

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-17T16:15:10.633

Modified: 2023-07-27T03:48:44.793

Link: CVE-2023-3585

JSON object: View

Redhat Information

No data.

CWE

CWE-400

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-3585", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2023-07-10T13:44:28.891Z", "datePublished": "2023-07-17T15:24:20.975Z", "dateUpdated": "2023-07-17T15:24:20.975Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "7.8.6", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThanOrEqual": "7.9.4", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThanOrEqual": "7.10.2", "status": "affected", "version": "0", "versionType": "semver"}, {"status": "unaffected", "version": "7.8.7"}, {"status": "unaffected", "version": "7.9.5"}, {"status": "unaffected", "version": "7.10.3"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ossi V\u00e4\u00e4n\u00e4nen"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by <span style=\"background-color: rgb(255, 255, 255);\">posting a specially crafted boards link.</span></p>"}], "value": "Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by\u00a0posting a specially crafted boards link.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2023-07-17T15:24:20.975Z"}, "references": [{"url": "https://mattermost.com/security-updates"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Update Mattermost Server to versions v7.8.7, v7.9.5, v7.10.3 or higher.</p>"}], "value": "Update Mattermost Server to versions v7.8.7,\u00a0v7.9.5,\u00a0v7.10.3 or higher.\n\n"}], "source": {"advisory": "MMSA-2023-00168", "defect": ["https://mattermost.atlassian.net/browse/MM-51713"], "discovery": "EXTERNAL"}, "title": "channel DoS by sharing a boards link", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CE365D7-09E6-424C-A8FE-B7BDCC76B749", "versionEndExcluding": "7.8.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0D66512-A095-4557-A9AD-B02E306FC1C9", "versionEndExcluding": "7.9.5", "versionStartIncluding": "7.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "401CC11A-1059-44A2-87BA-601024BD178E", "versionEndExcluding": "7.10.3", "versionStartIncluding": "7.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by\u00a0posting a specially crafted boards link.\n\n"}], "id": "CVE-2023-3585", "lastModified": "2023-07-27T03:48:44.793", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}, "published": "2023-07-17T16:15:10.633", "references": [{"source": "responsibledisclosure@mattermost.com", "tags": ["Vendor Advisory"], "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}