PT-2024-19200 · Mattermost · Mattermost

Veshraj Ghimire · Published 2024-04-26 · Updated 2024-06-05 · CVE-2024-22091

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Mattermost versions 8.1.x through 8.1.11
Mattermost versions 9.5.x through 9.5.2
Mattermost versions 9.6.x through 9.6.0

Description

The Mattermost server does not limit the size of a request path that includes user input. An attacker can send large request paths to cause excessive resource consumption, possibly leading to a denial of service (DoS). The affected component is the server's request path handling.

Recommendations

For versions 8.1.x through 8.1.11, update to a version later than 8.1.11.
For versions 9.5.x through 9.5.2, update to a version later than 9.5.2.
For versions 9.6.x through 9.6.0, update to a version later than 9.6.0.
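
The weakness class described above (no bound on a request path built from user input) can be illustrated with a Go `net/http` middleware that rejects oversized paths before routing. This is an added example, not Mattermost's code or its actual fix; the limits, route names and helper names are assumptions chosen for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

const (
	maxPathBytes    = 2048 // assumed limit on the whole escaped path
	maxSegmentBytes = 256  // assumed limit on one path segment
)

// pathWithinLimits checks the percent-encoded path as sent on the wire.
func pathWithinLimits(escapedPath string) bool {
	if len(escapedPath) > maxPathBytes {
		return false
	}
	for _, seg := range strings.Split(escapedPath, "/") {
		if len(seg) > maxSegmentBytes {
			return false
		}
	}
	return true
}

// LimitPath answers 414 for oversized paths so no handler processes them.
func LimitPath(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !pathWithinLimits(r.URL.EscapedPath()) {
			http.Error(w, "URI too long", http.StatusRequestURITooLong)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends a constructed request through the middleware.
func statusFor(path string) int {
	h := LimitPath(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code
}

func main() {
	fmt.Println(statusFor("/example/route"), statusFor("/example/"+strings.Repeat("a", 300)))
}
```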

Fix

DoS

Resource Exhaustion

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2024-22091
GHSA-P2WQ-4GGP-45F3
GO-2024-2796

Affected Products

Mattermost