PT-2024-31806 · Mattermost · Mattermost
Doyensec
Published: 2024-09-26 · Updated: 2024-09-27
CVE-2024-45843
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.8
Description: Mattermost's SSRF denylist did not include the instance metadata endpoints of Oracle Cloud and Alibaba Cloud. On a Mattermost deployment hosted in Oracle Cloud or Alibaba Cloud, an authenticated attacker could therefore cause server-side request forgery (SSRF), making the server issue requests to those metadata endpoints on the attacker's behalf.
Recommendations: For Mattermost versions 9.5.x through 9.5.8, upgrade Mattermost immediately to mitigate the risk of server-side request forgery. As a temporary workaround, restrict the Mattermost server's network access to the metadata endpoints of Oracle Cloud and Alibaba Cloud to minimize the risk of exploitation.

Fix

SSRF

Weakness Enumeration

Related Identifiers: BIT-MATTERMOST-2024-45843, CVE-2024-45843

Affected Products: Mattermost