CVE-2023-5967

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-5967

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-5967.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-5967

Aliases

GHSA-xvq6-h898-wcj8

Published

2023-11-06T15:24:24.544Z

Modified

2026-05-01T04:21:39.255538Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

Denial of Service via crashing the Calls Plugin

Details

Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin

Database specific

{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "8.1.2"
                },
                {
                    "last_affected": "8.0.3"
                },
                {
                    "last_affected": "7.8.11"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/5xxx/CVE-2023-5967.json",
    "cna_assigner": "Mattermost",
    "cwe_ids": [
        "CWE-754"
    ]
}

References

Affected packages

Git / github.com/mattermost/mattermost

Affected ranges

Type

GIT

Repo

https://github.com/mattermost/mattermost

Events

Introduced

Last affected

58a74d76295680a5bb684f795e21970ab53fee1d

Introduced

90f502dc2dc80ee25cfb7d7bc3e743b53564a5a7

Last affected

ce6e98b51cbf6fb688b0a453b05634ddd0d00085

Introduced

096c9ea12a2144f832e330e9a0f4d3862ca20b9f

Last affected

9d2d03594f2ebca50ae47161ab9a22059f751fb8

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.8.11"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.0.3"
        },
        {
            "introduced": "8.1.0"
        },
        {
            "last_affected": "8.1.2"
        }
    ],
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*"
}

Affected versions

@mattermost/client@8.*

@mattermost/client@8.0.0

@mattermost/client@8.1.1

@mattermost/types@8.*

@mattermost/types@8.0.0

@mattermost/types@8.1.1

Other

cloud-2022-07-20-1

cloud-2022-08-10-1

cloud-2022-09-08-1

cloud-2022-10-06-1

cloud-2022-11-11-1

cloud-2022-11-24-1

cloud-2023-01-26-1

v0.*

v0.5.0

v4.*

v4.10.0-rc1

v4.2.0-rc1

v4.3.0-rc1

v4.4.0-rc1

v4.5.0-rc1

v4.6.0-rc1

v4.6.0-rc2

v4.7.0-rc1

v4.8.0-rc1

v4.9.0-rc1

v5.*

v5.0.0-rc1

v5.1.0-rc1

v5.2.0-rc1

v5.2.0-rc2

v7.*

v7.8.0

v7.8.1

v7.8.10

v7.8.10-rc3

v7.8.10-rc4

v7.8.10-rc5

v7.8.11

v7.8.11-rc1

v7.8.2

v7.8.3

v7.8.4

v7.8.5

v7.8.6

v7.8.7

v7.8.8

v7.8.9

v8.*

v8.0.0

v8.0.1

v8.0.2

v8.0.2-rc2

v8.0.2-rc3

v8.0.3

v8.0.3-rc1

v8.1.0

v8.1.0-rc2

v8.1.1

v8.1.1-rc1

v8.1.1-rc2

v8.1.2

v8.1.2-rc1

v8.1.2-rc2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-5967.json"