PT-2024-18447 · Mattermost · Mattermost
Vultza · Published 2024-02-29 · Updated 2024-12-16
CVE-2024-1953
CVSS v4.0 score: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Mattermost versions 8.1.x through 8.1.8
Mattermost versions 9.2.x through 9.2.4
Mattermost version 9.3.0
Mattermost versions 9.4.x through 9.4.1
Description
The issue allows an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request, due to the failure to limit the number of role names requested from the API.
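A defensive reading of the description above, as an added example that is not Mattermost's code: a Go request parser that bounds both the raw body size and the number of role names a single request may ask for, so an oversized request is rejected instead of allocated. The limits, the `parseRoleNames` name and the `/roles/names` path are assumptions chosen for the illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Illustrative limits, not Mattermost's values: body size and element count.
const maxBodyBytes = 64 << 10
const maxRoleNames = 100

var errTooManyRoles = errors.New("too many role names requested")

// parseRoleNames streams a JSON array of role names out of the request body.
// An unbounded Decode into []string would allocate one string per element the
// client sends; counting elements as they arrive and capping the body bounds that.
func parseRoleNames(w http.ResponseWriter, r *http.Request) ([]string, error) {
	r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)
	dec := json.NewDecoder(r.Body)
	tok, err := dec.Token() // consume the opening '['
	if err != nil {
		return nil, err
	}
	if d, ok := tok.(json.Delim); !ok || d != '[' {
		return nil, errors.New("expected a JSON array of role names")
	}
	names := []string{}
	for dec.More() {
		if len(names) >= maxRoleNames {
			return nil, errTooManyRoles
		}
		var n string
		if err := dec.Decode(&n); err != nil {
			return nil, err
		}
		names = append(names, n)
	}
	return names, nil
}

func main() {
	big := "[" + strings.Repeat(`"role_x",`, 1000) + `"role_x"]` // constructed: 1001 names
	req := httptest.NewRequest(http.MethodPost, "/roles/names", strings.NewReader(big))
	_, err := parseRoleNames(httptest.NewRecorder(), req)
	fmt.Println("oversized request:", err)
}
```

A handler wrapping `parseRoleNames` would answer any returned error with HTTP 400 rather than attempting to serve the request.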
Recommendations
For Mattermost versions 8.1.x through 8.1.8, update to version 8.1.9 or later.
For Mattermost versions 9.2.x through 9.2.4, update to version 9.2.5 or later.
For Mattermost version 9.3.0, update to a later version.
For Mattermost versions 9.4.x through 9.4.1, update to version 9.4.2 or later.
Fix
Allocation of Resources Without Limits
Resource Exhaustion
Affected Products
Mattermost