Description
A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Affected products
- Mattermost / Playbooks Plugin1.0.0 – 7.1.3
- Mattermost / Playbooks Plugin7.1.4 – 7.1.*
- Mattermost / Playbooks Plugin7.2.0 – 7.2.1
- Mattermost / Playbooks Plugin7.3.0 – 7.3.1
- Mattermost / Playbooks Plugin7.4.0 – 7.4.0