CVE-2023-49607

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-49607
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-49607.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-49607
Aliases
Published
2023-12-12T09:15:08Z
Modified
2025-01-08T09:46:57.942501Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Mattermost fails to validate the type of the "reminder" body request parameter allowing an attacker to crash the Playbook Plugin when updating the status dialog.

References

Affected packages

Git / github.com/mattermost/mattermost

Affected versions

@mattermost/client@9.*

@mattermost/client@9.0.0
@mattermost/client@9.1.0
@mattermost/client@9.2.0

@mattermost/types@9.*

@mattermost/types@9.0.0
@mattermost/types@9.1.0
@mattermost/types@9.2.0

v9.*

v9.0.0
v9.0.0-rc2
v9.0.1
v9.0.1-rc1
v9.0.2
v9.0.2-rc1
v9.0.3
v9.0.3-rc1
v9.1.0
v9.1.0-rc2
v9.1.1
v9.1.1-rc1
v9.1.2
v9.1.2-rc1
v9.2.0
v9.2.0-rc2
v9.2.1