CVE-2024-28949

Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://mattermost.com/security-updates

Configurations

No configuration.

History

05 Apr 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-05 09:15

Updated : 2024-04-05 12:40

NVD link : CVE-2024-28949

Mitre link : CVE-2024-28949

CVE.ORG link : CVE-2024-28949

JSON object : View

Products Affected

No product.

CWE

CWE-400

Uncontrolled Resource Consumption

4.3 /10