PT-2024-36024 · Mattermost · Mattermost

C0Rydoras · Published 2024-12-16 · Updated 2024-12-19 · CVE-2024-54083

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Mattermost versions 9.5.x through 9.5.12
Mattermost versions 9.11.x through 9.11.4
Mattermost versions 10.0.x through 10.0.2
Mattermost versions 10.1.x through 10.1.2
Description: The vulnerability stems from improper validation of the type of callProps, which allows a user to cause a client-side Denial of Service (DoS) for users of particular channels by sending a specially crafted post. Both the web application and the mobile app are affected.
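The root cause named above is a type-validation gap: a client renderer that assumes a post property has a certain shape will throw on a malformed value, and an uncaught render error can take down the channel view for everyone who loads that post. The following is an added illustration of the defensive pattern, not Mattermost's code; the shape of callProps (a `title` string and a `participants` array) and the post objects are hypothetical and constructed for the example. It contrasts a naive renderer with one that validates the type first and isolates per-post failures.

```javascript
// Added example (not Mattermost's code). The callProps shape below is a
// hypothetical stand-in used to show type validation before rendering.

// Type guard for the hypothetical callProps shape.
function isValidCallProps(value) {
  if (value === null || typeof value !== "object" || Array.isArray(value)) {
    return false;
  }
  if (typeof value.title !== "string") return false;
  if (!Array.isArray(value.participants)) return false;
  return value.participants.every((p) => typeof p === "string");
}

// Naive renderer: dereferences callProps without checking its type.
// A string, null, or wrongly typed field makes this throw a TypeError.
function renderCallPostNaive(post) {
  const props = post.props.callProps;
  return `${props.title.trim()} (${props.participants.length} participants)`;
}

// Hardened renderer: validate first, degrade gracefully on bad input.
function renderCallPostSafe(post) {
  const props = post?.props?.callProps;
  if (!isValidCallProps(props)) {
    return "[call post: invalid or missing call data]";
  }
  return `${props.title.trim()} (${props.participants.length} participants)`;
}

// Renders a list of posts with per-post error isolation so that one
// malformed post cannot blank the whole channel. Returns the rendered
// strings plus a count of posts whose renderer threw.
function renderChannel(posts, renderPost) {
  const rendered = [];
  let failures = 0;
  for (const post of posts) {
    try {
      rendered.push(renderPost(post));
    } catch (err) {
      failures += 1;
      rendered.push("[post failed to render]");
    }
  }
  return { rendered, failures };
}

// Constructed sample posts: one well-formed, three with a mistyped callProps.
const SAMPLE_POSTS = [
  { id: "p1", props: { callProps: { title: " Standup ", participants: ["a", "b"] } } },
  { id: "p2", props: { callProps: "not-an-object" } },
  { id: "p3", props: { callProps: null } },
  { id: "p4", props: { callProps: { title: 42, participants: "x" } } },
];
```

Run `renderChannel(SAMPLE_POSTS, renderCallPostNaive)` and three of the four posts fail; with `renderCallPostSafe` none do and the well-formed post renders normally. The two layers are complementary: the type guard rejects the malformed value, and the per-post try/catch bounds the blast radius of any check the guard misses.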
Recommendations:
For Mattermost versions 9.5.x through 9.5.12, update to a version later than 9.5.12 to resolve the issue.
For Mattermost versions 9.11.x through 9.11.4, update to a version later than 9.11.4 to resolve the issue.
For Mattermost versions 10.0.x through 10.0.2, update to a version later than 10.0.2 to resolve the issue.
For Mattermost versions 10.1.x through 10.1.2, update to a version later than 10.1.2 to resolve the issue.
As a temporary workaround, consider restricting access to channels that could be targeted by the DoS attack until a patch is available.

Fix

DoS

Related Identifiers

CVE-2024-54083
GHSA-69PR-78GV-7C6H
GO-2024-3337
OPENSUSE-SU-2024:14603-1

Affected Products

Mattermost