CVE-2023-3585 - OpenCVE

Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mattermost	Mattermost Server

Configuration 1 [-]

OR	cpe:2.3:a:mattermost:mattermost_server::::::::
	cpe:2.3:a:mattermost:mattermost_server::::::::
	cpe:2.3:a:mattermost:mattermost_server::::::::

No data.

References

Link	Providers
https://mattermost.com/security-updates

History

No history.

MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2023-07-17T15:24:20.975Z

Updated: 2024-08-02T07:01:57.036Z

Reserved: 2023-07-10T13:44:28.891Z

Link: CVE-2023-3585

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-07-17T16:15:10.633

Modified: 2023-07-27T03:48:44.793

Link: CVE-2023-3585

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3585", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2023-07-10T13:44:28.891Z", "datePublished": "2023-07-17T15:24:20.975Z", "dateUpdated": "2024-08-02T07:01:57.036Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "7.8.6", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThanOrEqual": "7.9.4", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThanOrEqual": "7.10.2", "status": "affected", "version": "0", "versionType": "semver"}, {"status": "unaffected", "version": "7.8.7"}, {"status": "unaffected", "version": "7.9.5"}, {"status": "unaffected", "version": "7.10.3"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ossi V\u00e4\u00e4n\u00e4nen"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by <span style=\"background-color: rgb(255, 255, 255);\">posting a specially crafted boards link.</span></p>"}], "value": "Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by\u00a0posting a specially crafted boards link.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2023-07-17T15:24:20.975Z"}, "references": [{"url": "https://mattermost.com/security-updates"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Update Mattermost Server to versions v7.8.7, v7.9.5, v7.10.3 or higher.</p>"}], "value": "Update Mattermost Server to versions v7.8.7,\u00a0v7.9.5,\u00a0v7.10.3 or higher.\n\n"}], "source": {"advisory": "MMSA-2023-00168", "defect": ["https://mattermost.atlassian.net/browse/MM-51713"], "discovery": "EXTERNAL"}, "title": "channel DoS by sharing a boards link", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:01:57.036Z"}, "title": "CVE Program Container", "references": [{"url": "https://mattermost.com/security-updates", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CE365D7-09E6-424C-A8FE-B7BDCC76B749", "versionEndExcluding": "7.8.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0D66512-A095-4557-A9AD-B02E306FC1C9", "versionEndExcluding": "7.9.5", "versionStartIncluding": "7.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "401CC11A-1059-44A2-87BA-601024BD178E", "versionEndExcluding": "7.10.3", "versionStartIncluding": "7.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by\u00a0posting a specially crafted boards link.\n\n"}], "id": "CVE-2023-3585", "lastModified": "2023-07-27T03:48:44.793", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}, "published": "2023-07-17T16:15:10.633", "references": [{"source": "responsibledisclosure@mattermost.com", "tags": ["Vendor Advisory"], "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}