PT-2024-20408 · Mattermost · Mattermost

Vultza · Published 2024-03-15 · Updated 2024-12-16 · CVE-2024-2446

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions

Mattermost versions 8.1.x through 8.1.9
Mattermost versions 9.2.x through 9.2.5
Mattermost versions 9.3.x through 9.3.1
Mattermost versions 9.4.x through 9.4.2

Description

The issue allows an authenticated attacker to crash the client applications of other users via large, crafted messages, due to the failure to limit the number of @-mentions processed per message.

Recommendations

For Mattermost versions 8.1.x through 8.1.9, update to version 8.1.10 or later.
For Mattermost versions 9.2.x through 9.2.5, update to version 9.2.6 or later.
For Mattermost versions 9.3.x through 9.3.1, update to version 9.3.2 or later.
For Mattermost versions 9.4.x through 9.4.2, update to version 9.4.3 or later.
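The root cause described above is unbounded processing of @-mentions in a single message. The following Go snippet is an added illustration of the defensive pattern (a server-side cap on mentions per post) and is not Mattermost's own code or its actual fix; the function names ExtractMentions and ValidatePost, the constant MaxMentionsPerPost and the mention regular expression are assumptions chosen for this example. The important detail is that the scan asks the regexp engine for at most limit+1 matches, so the cost of checking a message is bounded by the cap rather than by the size of the attacker-controlled input.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// MaxMentionsPerPost is a hypothetical cap on @-mentions processed per post.
// It is not a Mattermost configuration value.
const MaxMentionsPerPost = 20

// ErrTooManyMentions is returned when a post exceeds the mention cap.
var ErrTooManyMentions = errors.New("post exceeds the per-message mention limit")

// mentionPattern matches an @-handle at the start of the text or after
// whitespace. The handle character set is an assumption for this example.
var mentionPattern = regexp.MustCompile(`(?:^|\s)@([A-Za-z0-9._-]+)`)

// ExtractMentions returns the @-mentions found in msg, in order, or
// ErrTooManyMentions if more than limit are present. It requests at most
// limit+1 matches so that scanning stops early on oversized input instead
// of collecting an arbitrarily large list for the clients to render.
func ExtractMentions(msg string, limit int) ([]string, error) {
	matches := mentionPattern.FindAllStringSubmatch(msg, limit+1)
	if len(matches) > limit {
		return nil, ErrTooManyMentions
	}
	out := make([]string, 0, len(matches))
	for _, m := range matches {
		out = append(out, strings.ToLower(m[1]))
	}
	return out, nil
}

// ValidatePost applies the cap to an incoming post body; a server would
// reject the post (or refuse to expand mentions) when it returns an error.
func ValidatePost(body string) error {
	_, err := ExtractMentions(body, MaxMentionsPerPost)
	return err
}

func main() {
	// Constructed sample inputs: a normal post and an oversized one.
	normal := "hi @alice and @bob, please review"
	oversized := strings.Repeat("@user ", 5000)

	mentions, err := ExtractMentions(normal, MaxMentionsPerPost)
	fmt.Println(mentions, err) // [alice bob] <nil>

	fmt.Println(ValidatePost(normal))    // <nil>
	fmt.Println(ValidatePost(oversized)) // post exceeds the per-message mention limit
}
```

Because the limit is enforced before mention expansion or client delivery, the server does the bounded work once and the receiving clients never see a message carrying thousands of mention tokens.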

Fix

Resource Exhaustion

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BIT-MATTERMOST-2024-2446
CVE-2024-2446

Affected Products

Mattermost