Mattermost Server up to 5.21.x Markdown Renderer denial of service

entryeditHistoryDiffjsonxmlCTI

A vulnerability, which was classified as problematic, was found in Mattermost Server up to 5.21.x. Affected is some unknown functionality of the component Markdown Renderer. Upgrading to version 5.22.0 eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1056119510/25/2020VulD...confirm_urlhttps://mattermost.com/security-updates/cve.mitre.org10/25/2020accepted70
1018805906/20/2020VulD...cwe404 (denial of service)06/20/2020accepted90
1018805706/20/2020VulD...cve_nvd_summaryAn issue was discovered in Mattermost Server before 5.22.0. The markdown renderer allows attackers to cause a denial of service (client-side), aka MMSA-2020-0017.mitre.org06/20/2020accepted100
1018805606/20/2020VulD...cve_assigned1592524800mitre.org06/20/2020accepted100
1018804906/20/2020VulD...cvss3_nvd_aHnist.gov06/20/2020accepted100
1018804806/20/2020VulD...cvss3_nvd_iNnist.gov06/20/2020accepted100
1018804706/20/2020VulD...cvss3_nvd_cNnist.gov06/20/2020accepted100
1018804606/20/2020VulD...cvss3_nvd_sUnist.gov06/20/2020accepted100
1018804506/20/2020VulD...cvss3_nvd_uiNnist.gov06/20/2020accepted100
1018804406/20/2020VulD...cvss3_nvd_prNnist.gov06/20/2020accepted100
1018804306/20/2020VulD...cvss3_nvd_acLnist.gov06/20/2020accepted100
1018804206/20/2020VulD...cvss3_nvd_avNnist.gov06/20/2020accepted100
1018802906/20/2020VulD...cvss2_nvd_aiPnist.gov06/20/2020accepted100
1018802806/20/2020VulD...cvss2_nvd_iiNnist.gov06/20/2020accepted100
1018802706/20/2020VulD...cvss2_nvd_ciNnist.gov06/20/2020accepted100
1018802606/20/2020VulD...cvss2_nvd_auNnist.gov06/20/2020accepted100
1018802506/20/2020VulD...cvss2_nvd_acLnist.gov06/20/2020accepted100
1018802406/20/2020VulD...cvss2_nvd_avNnist.gov06/20/2020accepted100
1018806706/20/2020VulD...cvss3_nvd_basescore7.5nist.gov06/20/2020accepted90
1018806606/20/2020VulD...cvss3_vuldb_rcX06/20/2020accepted90

Want to stay up to date on a daily basis?

Enable the mail alert feature now!