Mattermost Server up to 4.10.4/5.5.1/5.6.2 Webhook memory leak


A vulnerability has been found in Mattermost Server up to 4.10.4/5.5.1/5.6.2 and classified as problematic. This vulnerability affects an unknown functionality of the component Webhook Handler. Upgrading to version 4.10.5, 5.5.2, 5.6.3 or 5.7.0 eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, and to initiate an immediate vulnerability response and prioritize issues.

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 10561187 | 10/25/2020 | VulD... | confirm_url | https://mattermost.com/security-updates/ | cve.mitre.org | 10/25/2020 | accepted | 70 |
| 10187612 | 06/20/2020 | VulD... | cve_nvd_summary | An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration. | mitre.org | 06/20/2020 | accepted | 100 |
| 10187611 | 06/20/2020 | VulD... | cve_assigned | 1592524800 | mitre.org | 06/20/2020 | accepted | 100 |
| 10187604 | 06/20/2020 | VulD... | cvss3_nvd_a | H | nist.gov | 06/20/2020 | accepted | 100 |
| 10187603 | 06/20/2020 | VulD... | cvss3_nvd_i | N | nist.gov | 06/20/2020 | accepted | 100 |
| 10187602 | 06/20/2020 | VulD... | cvss3_nvd_c | N | nist.gov | 06/20/2020 | accepted | 100 |
| 10187601 | 06/20/2020 | VulD... | cvss3_nvd_s | U | nist.gov | 06/20/2020 | accepted | 100 |
| 10187600 | 06/20/2020 | VulD... | cvss3_nvd_ui | N | nist.gov | 06/20/2020 | accepted | 100 |
| 10187599 | 06/20/2020 | VulD... | cvss3_nvd_pr | N | nist.gov | 06/20/2020 | accepted | 100 |
| 10187598 | 06/20/2020 | VulD... | cvss3_nvd_ac | L | nist.gov | 06/20/2020 | accepted | 100 |
| 10187597 | 06/20/2020 | VulD... | cvss3_nvd_av | N | nist.gov | 06/20/2020 | accepted | 100 |
| 10187584 | 06/20/2020 | VulD... | cvss2_nvd_ai | P | nist.gov | 06/20/2020 | accepted | 100 |
| 10187583 | 06/20/2020 | VulD... | cvss2_nvd_ii | N | nist.gov | 06/20/2020 | accepted | 100 |
| 10187582 | 06/20/2020 | VulD... | cvss2_nvd_ci | N | nist.gov | 06/20/2020 | accepted | 100 |
| 10187581 | 06/20/2020 | VulD... | cvss2_nvd_au | N | nist.gov | 06/20/2020 | accepted | 100 |
| 10187580 | 06/20/2020 | VulD... | cvss2_nvd_ac | L | nist.gov | 06/20/2020 | accepted | 100 |
| 10187579 | 06/20/2020 | VulD... | cvss2_nvd_av | N | nist.gov | 06/20/2020 | accepted | 100 |
| 10187569 | 06/20/2020 | VulD... | cwe | 401 (denial of service) | | 06/20/2020 | accepted | 100 |
| 10187621 | 06/20/2020 | VulD... | cvss3_nvd_basescore | 7.5 | nist.gov | 06/20/2020 | accepted | 90 |
| 10187620 | 06/20/2020 | VulD... | cvss3_vuldb_rc | X | | 06/20/2020 | accepted | 90 |
