Insufficient verification of data authenticity in Mattermost Server

#VU29476 Insufficient verification of data authenticity in Mattermost Server

Published: 2020-07-02

Vulnerability identifier: #VU29476

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14453

CWE-ID: CWE-345

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Mattermost Server
Client/Desktop applications / Messaging software

Vendor: Mattermost, Inc.

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to socket read operations are not appropriately restricted. A remote attacker can cause a denial of service condition on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Mattermost Server: 0.1.0 - 5.20.2

External links
http://mattermost.com/security-updates/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Mattermost Server