CVE-2024-24988

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Mattermost versions prior to v8.1.9

Description The issue is related to uncontrolled resource consumption. An attacker can exploit this by setting a custom user status with an emoji value as a very long string, causing high resource consumption and possibly crashing the server. This can be done by sending multiple times a very long string as an emoji value.

Recommendations For versions prior to v8.1.9, update to version v8.1.9 or later to resolve the issue. As a temporary workaround, consider restricting the length of the emoji value in the custom user status to prevent high resource consumption. Restrict access to the custom user status feature to minimize the risk of exploitation.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

BDU:2024-01909

BIT-MATTERMOST-2024-24988

CVE-2024-24988

GHSA-6MX3-9QFH-77GJ

GO-2024-2589

Affected Products

Mattermost

CVE-2024-24988

Weakness Enumeration

Related Identifiers

Affected Products

References · 13