PT-2024-30297 · Mattermost · Mattermost Plugin Channel Export
C0Rydoras · Published 2024-08-23 · Updated 2024-08-30 · CVE-2024-43105
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Mattermost Plugin Channel Export versions <= 1.0.0
Description
The issue allows a user to consume excessive resources by running the /export command multiple times at once, due to the failure to restrict concurrent runs of the command. This can lead to resource consumption.
Recommendations
For Mattermost Plugin Channel Export versions <= 1.0.0, upgrade to version 9.11.0 to mitigate the issue. As a temporary workaround, consider restricting access to the /export command to minimize the risk of exploitation.
Fix
Resource Exhaustion
Weakness Enumeration
Related Identifiers
Affected Products
Mattermost Plugin Channel Export
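The Description attributes the issue to /export having no limit on concurrent runs. The following is an added example, not the plugin's own code or its actual fix: a Go guard (Mattermost server plugins are written in Go) that permits one running export per user plus a global cap. `ExportLimiter`, `HandleExport`, `ErrBusy`, the user IDs and the limit of 2 are hypothetical names and constructed values.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

var ErrBusy = errors.New("export already running or server at capacity")

// ExportLimiter (hypothetical) allows one export per user, maxGlobal overall.
type ExportLimiter struct {
	mu        sync.Mutex
	inFlight  map[string]struct{} // user IDs with a running export
	maxGlobal int
}

func NewExportLimiter(maxGlobal int) *ExportLimiter {
	return &ExportLimiter{inFlight: map[string]struct{}{}, maxGlobal: maxGlobal}
}

// Acquire reserves a slot for userID and returns its release func, or ErrBusy.
func (l *ExportLimiter) Acquire(userID string) (func(), error) {
	l.mu.Lock()
	defer l.mu.Unlock()
	if _, running := l.inFlight[userID]; running || len(l.inFlight) >= l.maxGlobal {
		return nil, ErrBusy // reject rather than queue unbounded work
	}
	l.inFlight[userID] = struct{}{}
	return func() { l.mu.Lock(); delete(l.inFlight, userID); l.mu.Unlock() }, nil
}

// HandleExport shows where the guard sits in a command handler.
func HandleExport(l *ExportLimiter, userID string, export func() error) error {
	release, err := l.Acquire(userID)
	if err != nil {
		return err
	}
	defer release() // slot is freed even if the export fails or panics
	return export()
}

func main() {
	l := NewExportLimiter(2) // constructed limit and user IDs
	release, _ := l.Acquire("alice")
	_, err := l.Acquire("alice")
	fmt.Println("second concurrent run by alice:", err)
	release()
	fmt.Println("after release:", HandleExport(l, "alice", func() error { return nil }))
}
```

Rejecting the extra request, rather than queuing it, keeps the amount of pending work bounded as well as the amount of running work.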