PT-2024-22638 · Mattermost · Mattermost Server
Vultza · Published 2024-04-05 · Updated 2024-12-13 · CVE-2024-28949
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Mattermost Server versions 8.1.x through 8.1.10
Mattermost Server versions 9.3.x through 9.3.2
Mattermost Server versions 9.4.x through 9.4.3
Mattermost Server versions 9.5.x through 9.5.1
Description
Mattermost Server does not limit the number of user preferences a user may submit or store. An authenticated user (the vector requires only low privileges and no user interaction) can therefore send an arbitrarily large number of user preferences through the preferences API, consuming database and server resources and potentially causing a denial of service. Confidentiality and integrity are not affected; the impact is limited to availability.
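To make the weakness concrete, the following Go program is an added illustration, not Mattermost's code and not the actual patch. It contrasts the unbounded handler pattern the description refers to with a bounded one. The preference object shape (user_id, category, name, value) and the PUT /api/v4/users/{user_id}/preferences path follow the public Mattermost REST API; the limits (100 entries per request, 1000 per user, 64 KiB body, 2000-byte value), the in-memory store and the helper names are assumptions chosen for the demo, not the values enforced by the fixed releases.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// Preference mirrors the shape of a Mattermost user preference as sent to
// PUT /api/v4/users/{user_id}/preferences (a JSON array of these objects).
type Preference struct {
	UserID   string `json:"user_id"`
	Category string `json:"category"`
	Name     string `json:"name"`
	Value    string `json:"value"`
}

// Assumed limits for the hardened handler; illustrative, not the values in the fix.
const (
	MaxPrefsPerRequest = 100       // entries accepted in one request
	MaxPrefsPerUser    = 1000      // entries stored per user in total
	MaxRequestBytes    = 64 * 1024 // bytes read from the request body
	MaxValueLen        = 2000      // bytes per preference value
)

// PrefStore is an in-memory stand-in for the preferences table (user -> category/name -> pref).
type PrefStore struct{ prefs map[string]map[string]Preference }

func NewPrefStore() *PrefStore           { return &PrefStore{prefs: map[string]map[string]Preference{}} }
func (s *PrefStore) Count(userID string) int { return len(s.prefs[userID]) }

// Save upserts entries keyed by category/name, as the real table does.
func (s *PrefStore) Save(userID string, in []Preference) {
	if s.prefs[userID] == nil {
		s.prefs[userID] = map[string]Preference{}
	}
	for _, p := range in {
		s.prefs[userID][p.Category+"/"+p.Name] = p
	}
}

// MakePreferences builds n distinct constructed preferences for one user.
func MakePreferences(userID string, n int) []Preference {
	out := make([]Preference, n)
	for i := range out {
		out[i] = Preference{UserID: userID, Category: "display_settings", Name: fmt.Sprintf("name-%d", i), Value: "x"}
	}
	return out
}

// VulnerableHandler shows the pre-fix pattern: whatever array the authenticated
// client sends is decoded and written through, so one request creates an
// unbounded number of rows and a stream of such requests exhausts the database.
func VulnerableHandler(store *PrefStore, userID string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		var in []Preference
		if err := json.NewDecoder(r.Body).Decode(&in); err != nil {
			http.Error(w, "invalid preferences", http.StatusBadRequest)
			return
		}
		store.Save(userID, in)
		w.WriteHeader(http.StatusOK)
	}
}

// ValidatePreferences applies the hardened checks: count per request, total per
// user after the write (conservative: upserts of existing keys are counted as new),
// and per-entry field constraints.
func ValidatePreferences(in []Preference, existing int) error {
	if len(in) > MaxPrefsPerRequest {
		return fmt.Errorf("too many preferences in one request: %d > %d", len(in), MaxPrefsPerRequest)
	}
	if existing+len(in) > MaxPrefsPerUser {
		return fmt.Errorf("user would hold more than %d preferences", MaxPrefsPerUser)
	}
	for i, p := range in {
		if p.Category == "" || p.Name == "" || len(p.Value) > MaxValueLen {
			return fmt.Errorf("preference %d has an empty category/name or an oversized value", i)
		}
	}
	return nil
}

// HardenedHandler bounds the body before parsing and rejects the batch before
// anything reaches the store.
func HardenedHandler(store *PrefStore, userID string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		raw, err := io.ReadAll(io.LimitReader(r.Body, MaxRequestBytes+1)) // read at most limit+1 bytes
		if err != nil {
			http.Error(w, "cannot read body", http.StatusBadRequest)
			return
		}
		if len(raw) > MaxRequestBytes {
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		var in []Preference
		if err := json.Unmarshal(raw, &in); err != nil {
			http.Error(w, "invalid preferences", http.StatusBadRequest)
			return
		}
		if err := ValidatePreferences(in, store.Count(userID)); err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}
		store.Save(userID, in)
		w.WriteHeader(http.StatusOK)
	}
}

// SubmitBatch drives a handler with an n-entry batch for user u1 and returns the HTTP status.
func SubmitBatch(h http.HandlerFunc, n int) int {
	body, _ := json.Marshal(MakePreferences("u1", n))
	rr := httptest.NewRecorder()
	h.ServeHTTP(rr, httptest.NewRequest(http.MethodPut, "/api/v4/users/u1/preferences", bytes.NewReader(body)))
	return rr.Code
}

func main() {
	vuln, hard := NewPrefStore(), NewPrefStore()
	fmt.Println("vulnerable:", SubmitBatch(VulnerableHandler(vuln, "u1"), 5000), "stored", vuln.Count("u1"))
	fmt.Println("hardened:  ", SubmitBatch(HardenedHandler(hard, "u1"), 5000), "stored", hard.Count("u1"))
}
```

The body cap is what stops the large batch cheaply (the 5000-entry array is rejected with 413 before it is parsed); the per-request and per-user counts catch batches that fit in the body limit but still grow the table without bound, which is the resource-exhaustion condition the advisory describes.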
Recommendations
For versions 8.1.x through 8.1.10, update to version 8.1.11 or later.
For versions 9.3.x through 9.3.2, update to version 9.3.3 or later.
For versions 9.4.x through 9.4.3, update to version 9.4.4 or later.
For versions 9.5.x through 9.5.1, update to version 9.5.2 or later.
Before and after upgrading, confirm the running server version (shown in the System Console) against the fixed version for the branch in use.
Status: Fix available
Tags: DoS · Resource Exhaustion · Allocation of Resources Without Limits (CWE-770)
Related Identifiers: CVE-2024-28949
Affected Products: Mattermost Server