CVE-2024-1953

MEDIUM

Mattermost <8.1.9, <9.2.5, 9.3.0, <9.4.2 - DoS

Title source: llm
STIX 2.1

Description

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request.

References (1)

Core 1
Core References

Scores

CVSS v3 4.3
EPSS 0.0051
EPSS Percentile 39.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-400 CWE-770
Status published
Products (3)
mattermost/mattermost 9.4.0 - 9.4.2Go
mattermost/mattermost_server 9.3.0
mattermost/mattermost_server 8.1.0 - 8.1.9
Published Feb 29, 2024
Tracked Since Feb 18, 2026