Unvalidated Requests in Mattermost Calls Plugin Lead to Plugin Crash

Unvalidated Requests in Mattermost Calls Plugin Lead to Plugin Crash

CVE-2023-5967 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin

Learn more about our User Device Pen Test.