Published on: Not Yet Published
Last Modified on: 09/26/2022 10:23:00 PM UTC
Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service.
- CVE-2022-3257 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software: Mattermost - Mattermost version <= 7.1.x
CVSS3 Score: 6.5 - MEDIUM
- HackerOne: hackerone.com
- Security Updates - Mattermost Open Source Collaboration Platform: mattermost.com
Known Affected Configurations (CPE V2.3)
Thanks to Philippe Antoine (catenacyber) for contributing to this improvement under the Mattermost responsible disclosure policy.