Mattermost Server up to 4.10.3/5.1.1/5.2.1 Image Dimension resource consumption


A vulnerability was found in Mattermost Server up to 4.10.3/5.1.1/5.2.1. It has been declared as problematic. The vulnerability affects unknown code in the component Image Dimension Handler. Upgrading to version 4.10.4, 5.1.2 or 5.2.2 eliminates this vulnerability.

Timeline

Analyzing the timeline helps to identify the required approach and handling for single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.


| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 10561127 | 10/25/2020 | VulD... | confirm_url | https://mattermost.com/security-updates/ | cve.mitre.org | 10/25/2020 | accepted | 70 |
| 10184239 | 06/19/2020 | VulD... | cve_nvd_summary | An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions. | mitre.org | 06/19/2020 | accepted | 100 |
| 10184238 | 06/19/2020 | VulD... | cve_assigned | 1592524800 | mitre.org | 06/19/2020 | accepted | 100 |
| 10184231 | 06/19/2020 | VulD... | cvss3_nvd_a | H | nist.gov | 06/19/2020 | accepted | 100 |
| 10184230 | 06/19/2020 | VulD... | cvss3_nvd_i | N | nist.gov | 06/19/2020 | accepted | 100 |
| 10184229 | 06/19/2020 | VulD... | cvss3_nvd_c | N | nist.gov | 06/19/2020 | accepted | 100 |
| 10184228 | 06/19/2020 | VulD... | cvss3_nvd_s | U | nist.gov | 06/19/2020 | accepted | 100 |
| 10184227 | 06/19/2020 | VulD... | cvss3_nvd_ui | R | nist.gov | 06/19/2020 | accepted | 100 |
| 10184226 | 06/19/2020 | VulD... | cvss3_nvd_pr | N | nist.gov | 06/19/2020 | accepted | 100 |
| 10184225 | 06/19/2020 | VulD... | cvss3_nvd_ac | L | nist.gov | 06/19/2020 | accepted | 100 |
| 10184224 | 06/19/2020 | VulD... | cvss3_nvd_av | N | nist.gov | 06/19/2020 | accepted | 100 |
| 10184211 | 06/19/2020 | VulD... | cvss2_nvd_ai | P | nist.gov | 06/19/2020 | accepted | 100 |
| 10184210 | 06/19/2020 | VulD... | cvss2_nvd_ii | N | nist.gov | 06/19/2020 | accepted | 100 |
| 10184209 | 06/19/2020 | VulD... | cvss2_nvd_ci | N | nist.gov | 06/19/2020 | accepted | 100 |
| 10184208 | 06/19/2020 | VulD... | cvss2_nvd_au | N | nist.gov | 06/19/2020 | accepted | 100 |
| 10184207 | 06/19/2020 | VulD... | cvss2_nvd_ac | M | nist.gov | 06/19/2020 | accepted | 100 |
| 10184206 | 06/19/2020 | VulD... | cvss2_nvd_av | N | nist.gov | 06/19/2020 | accepted | 100 |
| 10184196 | 06/19/2020 | VulD... | cwe | 400 (denial of service) | | 06/19/2020 | accepted | 100 |
| 10184248 | 06/19/2020 | VulD... | cvss3_nvd_basescore | 6.5 | nist.gov | 06/19/2020 | accepted | 90 |
| 10184247 | 06/19/2020 | VulD... | cvss3_vuldb_rc | X | | 06/19/2020 | accepted | 90 |
