PT-2024-32617

Doyensec · Published 2024-10-29 · Updated 2024-11-08 · CVE-2024-47401

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Mattermost versions 9.5.x through 9.5.9
Mattermost versions 9.10.x through 9.10.2
Mattermost versions 9.11.x through 9.11.1
Description: The affected Mattermost versions fail to suppress detailed error messages in Playbooks. Because those messages are returned verbatim in the GraphQL response, a specially crafted request to Playbooks produces a response many times larger than the request (an amplified GraphQL response), and the resulting resource consumption can crash the application. The CVSS vector (AV:N, PR:N, UI:N, A:H) describes a network-reachable, unauthenticated availability impact with no confidentiality or integrity loss.
Recommendations: Upgrade to a release that contains the fix: 9.5.10 or later on the 9.5 branch, 9.10.3 or later on the 9.10 branch, and 9.11.2 or later on the 9.11 branch. Until the upgrade is applied, restrict access to Playbooks to reduce the exposed surface, for example by disabling the Playbooks plugin in the System Console if it is not in use, or by limiting who can reach its endpoints at a reverse proxy. Note that rate or response-size limits at the proxy only blunt the amplification; they do not remove the underlying weakness.
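The following Go program is an added illustration of the weakness class described above (detailed errors echoed into an amplified GraphQL response) next to the controls a fix for that class needs. It is not Mattermost or Playbooks code and does not describe Mattermost's actual patch: the schema (`knownFields`), the toy query parser (`selections`), the error message wording and the `4096`-byte cap are all constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// graphQLError is the shape of one entry in a GraphQL "errors" array.
type graphQLError struct {
	Message string `json:"message"`
}

// graphQLResponse is the envelope a GraphQL endpoint returns.
type graphQLResponse struct {
	Data   map[string]any `json:"data"`
	Errors []graphQLError `json:"errors,omitempty"`
}

// knownFields stands in for a schema; only these selections resolve.
// Constructed for this example, not the Playbooks schema.
var knownFields = map[string]bool{"id": true, "name": true, "status": true}

// selections pulls the field names out of the innermost selection set of a
// toy query such as "{ run { id name bogus } }". Hypothetical helper, not a
// real GraphQL parser.
func selections(query string) []string {
	open := strings.LastIndex(query, "{")
	if open < 0 {
		return nil
	}
	rest := query[open+1:]
	end := strings.Index(rest, "}")
	if end < 0 {
		return nil
	}
	return strings.Fields(rest[:end])
}

// respondVerbose reproduces the weakness: every unknown field yields its own
// error, and each message echoes the full query plus schema details, so the
// response grows as O(len(query) * unknownFields), quadratic in attacker input.
func respondVerbose(query string) []byte {
	resp := graphQLResponse{Data: map[string]any{}}
	known := make([]string, 0, len(knownFields))
	for f := range knownFields {
		known = append(known, f)
	}
	sort.Strings(known)
	for _, f := range selections(query) {
		if knownFields[f] {
			continue
		}
		resp.Errors = append(resp.Errors, graphQLError{Message: fmt.Sprintf(
			"Cannot query field %q on type \"Run\". Known fields: %s. Query received: %s",
			f, strings.Join(known, ", "), query)})
	}
	body, _ := json.Marshal(resp)
	return body
}

// respondHardened applies the controls this weakness class calls for: a byte
// cap on the incoming query, one generic error for the client, and the
// detailed message kept server-side (returned as serverLog for the caller to
// log rather than sent back to the requester).
func respondHardened(query string, maxQueryBytes int) (body []byte, serverLog string) {
	resp := graphQLResponse{Data: map[string]any{}}
	if len(query) > maxQueryBytes {
		resp.Errors = []graphQLError{{Message: "query too large"}}
		body, _ = json.Marshal(resp)
		return body, fmt.Sprintf("rejected %d-byte query (limit %d)", len(query), maxQueryBytes)
	}
	var unknown []string
	for _, f := range selections(query) {
		if !knownFields[f] {
			unknown = append(unknown, f)
		}
	}
	if len(unknown) > 0 {
		resp.Errors = []graphQLError{{Message: "invalid query"}}
		serverLog = fmt.Sprintf("%d unknown field(s), first %q", len(unknown), unknown[0])
	}
	body, _ = json.Marshal(resp)
	return body, serverLog
}

// attackQuery builds the kind of request an attacker would send: one selection
// set with n unknown fields. Constructed input for the example.
func attackQuery(n int) string {
	var b strings.Builder
	b.WriteString("{ run { ")
	for i := 0; i < n; i++ {
		fmt.Fprintf(&b, "f%d ", i)
	}
	b.WriteString("} }")
	return b.String()
}

// amplification is response bytes per request byte, the ratio that matters
// for a DoS of this kind.
func amplification(query string, body []byte) float64 {
	return float64(len(body)) / float64(len(query))
}

func main() {
	for _, n := range []int{10, 100, 1000} {
		q := attackQuery(n)
		verbose := respondVerbose(q)
		hardened, logLine := respondHardened(q, 4096)
		fmt.Printf("n=%4d query=%5dB verbose=%8dB (x%.0f) hardened=%3dB (x%.2f) log=%q\n",
			n, len(q), len(verbose), amplification(q, verbose),
			len(hardened), amplification(q, hardened), logLine)
	}
}
```

Running it shows the verbose responder returning well over a hundred bytes for every request byte once the query carries a few hundred unknown fields, while the hardened responder answers with a constant-size body regardless of input and pushes the diagnostic detail to the server log, where an operator can still see it.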

Fix

DoS

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

CVE-2024-47401
GHSA-762V-RQ7Q-FF97
GO-2024-3234
OPENSUSE-SU-2024:0350-1
OPENSUSE-SU-2024:14458-1
OPENSUSE-SU-2024_3950-1
SUSE-SU-2024:3950-1

Affected Products

Mattermost
Suse