{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-48268","assignerOrgId":"9302f53e-dde5-4bf3-b2f2-a83f91ac0eee","state":"PUBLISHED","assignerShortName":"Mattermost","dateReserved":"2023-11-22T11:18:57.625Z","datePublished":"2023-11-27T09:07:29.918Z","dateUpdated":"2024-12-02T19:33:50.978Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Mattermost","vendor":"Mattermost","versions":[{"lessThanOrEqual":"7.8.12","status":"affected","version":"0","versionType":"semver"},{"lessThanOrEqual":"8.1.3","status":"affected","version":"0","versionType":"semver"},{"lessThanOrEqual":"9.0.1","status":"affected","version":"0","versionType":"semver"},{"lessThanOrEqual":"9.1.0","status":"affected","version":"0","versionType":"semver"},{"status":"unaffected","version":"9.1.1"},{"status":"unaffected","version":"9.0.2"},{"status":"unaffected","version":"7.8.13"},{"status":"unaffected","version":"8.1.4"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"vultza (vultza)"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Mattermost fails to&nbsp;limit the amount of data extracted from compressed archives during board import in Mattermost Boards&nbsp;allowing <span style=\"background-color: rgb(255, 255, 255);\">an attacker t</span>o consume excessive resources, possibly leading to Denial of Service, by<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;importing a board using a specially crafted zip (zip bomb).</span></p>"}],"value":"Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb).\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-400","description":"CWE-400: Uncontrolled Resource Consumption","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9302f53e-dde5-4bf3-b2f2-a83f91ac0eee","shortName":"Mattermost","dateUpdated":"2023-11-27T09:07:29.918Z"},"references":[{"url":"https://mattermost.com/security-updates"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Update Mattermost Server to versions 9.1.1, 9.0.2, 7.8.13, 8.1.4 or higher.</p>"}],"value":"Update Mattermost Server to versions 9.1.1, 9.0.2, 7.8.13, 8.1.4 or higher.\n\n"}],"source":{"advisory":"MMSA-2023-00218","defect":["https://mattermost.atlassian.net/browse/MM-53231"],"discovery":"EXTERNAL"},"title":"Denial of Service via Board Import Zip Bomb","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T21:23:39.504Z"},"title":"CVE Program Container","references":[{"url":"https://mattermost.com/security-updates","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-02T19:33:03.704927Z","id":"CVE-2023-48268","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-02T19:33:50.978Z"}}]}}