CVE-2023-5876 - OpenCVE

Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Mattermost	Mattermost Desktop

Configuration 1 [-]

cpe:2.3:a:mattermost:mattermost_desktop:*:*:*:*:*:*:*:*

References

Link	Resource
https://mattermost.com/security-updates	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Mattermost

Published: 2023-11-02T08:26:01.611Z

Updated: 2023-11-02T08:26:01.611Z

Reserved: 2023-10-31T10:56:31.545Z

Link: CVE-2023-5876

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-02T09:15:08.747

Modified: 2023-11-09T17:52:34.940

Link: CVE-2023-5876

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-5876", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2023-10-31T10:56:31.545Z", "datePublished": "2023-11-02T08:26:01.611Z", "dateUpdated": "2023-11-02T08:26:01.611Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost Desktop", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "5.5.0", "status": "affected", "version": "0", "versionType": "semver"}, {"status": "unaffected", "version": "5.5.1"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "DoyenSec"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.</p>"}], "value": "Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2023-11-02T08:26:01.611Z"}, "references": [{"url": "https://mattermost.com/security-updates"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Update Mattermost Desktop to versions v5.5.1 or higher.</p>"}], "value": "Update Mattermost Desktop to versions v5.5.1 or higher.\n\n"}], "source": {"advisory": "MMSA-2023-00255", "defect": ["https://mattermost.atlassian.net/browse/MM-54516"], "discovery": "EXTERNAL"}, "title": "Regex DoS from a malicious server enrolled in Desktop", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}