CVE-2022-3147

Опубликовано: 09 сент. 2022

Источник: nvd

CVSS3: 3.1

CVSS3: 6.5

EPSS Низкий

Описание

Mattermost version 7.0.x and earlier fails to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific system configurations, resulting in server-side Denial of Service.

Ссылки

https://hackerone.com/reports/1549513
Permissions Required
https://mattermost.com/security-updates/
Vendor Advisory
https://hackerone.com/reports/1549513
Permissions Required
https://mattermost.com/security-updates/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*

Версия до 7.1.0 (исключая)

EPSS

Процентиль: 72%

0.00725

Низкий

3.1 Low

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-400

CWE-770

Связанные уязвимости

CVE-2022-3147

CVSS3: 3.1

debian

больше 3 лет назад

Mattermost version 7.0.x and earlier fails to sufficiently limit the i ...

GHSA-9rmc-xf66-rv68

CVSS3: 6.5

github

больше 3 лет назад

EPSS

Процентиль: 72%

0.00725

Низкий

3.1 Low

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-400

CWE-770