CVE-2023-5967

Mattermost denial of service vulnerability in go/github.com/mattermost/mattermost/server/v8

Identifiers

GHSA-xvq6-h898-wcj8, CVE-2023-5967

Package Slug

go/github.com/mattermost/mattermost/server/v8

Vulnerability

Mattermost denial of service vulnerability

Description

Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker who sends a request without a User-Agent header to cause a panic and crash the Calls plugin.

Affected Versions

All versions starting from 8.0.0 before 8.0.4, all versions starting from 8.1.0 before 8.1.3, and version 9.0.0.

Solution

Upgrade to versions 8.0.4, 8.1.3, 9.0.1 or above.
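
To check a deployed server version against the affected ranges listed above, the following Go sketch can be used. It is an added example, not code from Mattermost or from this advisory; the names parseVersion and IsAffected are hypothetical, and it assumes plain major.minor.patch version strings (pre-release suffixes are rejected as errors).

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// parseVersion turns "8.1.2" or "v8.1.2" into [major, minor, patch].
func parseVersion(s string) ([3]int, error) {
	var v [3]int
	parts := strings.Split(strings.TrimPrefix(strings.TrimSpace(s), "v"), ".")
	if len(parts) != 3 {
		return v, fmt.Errorf("want major.minor.patch, got %q", s)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return v, fmt.Errorf("bad version component %q in %q", p, s)
		}
		v[i] = n
	}
	return v, nil
}

// IsAffected reports whether a Mattermost server version falls in the ranges
// listed under "Affected Versions": [8.0.0, 8.0.4), [8.1.0, 8.1.3), and 9.0.0.
// Unparseable input returns an error so a caller never treats it as "safe".
func IsAffected(version string) (bool, error) {
	v, err := parseVersion(version)
	if err != nil {
		return false, err
	}
	switch {
	case v[0] == 8 && v[1] == 0:
		return v[2] < 4, nil // fixed in 8.0.4
	case v[0] == 8 && v[1] == 1:
		return v[2] < 3, nil // fixed in 8.1.3
	default:
		return v == [3]int{9, 0, 0}, nil // fixed in 9.0.1
	}
}

func main() {
	// Constructed sample inventory of version strings, not real hosts.
	for _, ver := range []string{"8.0.3", "8.0.4", "8.1.2", "8.1.3", "9.0.0", "9.0.1", "7.8.12"} {
		hit, err := IsAffected(ver)
		fmt.Println(ver, hit, err)
	}
}
```

Versions outside the listed ranges (for example 7.x) are reported as not affected only because the advisory does not list them.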

Last Modified

2023-11-09
