CVE-2024-28053

LOW

Mattermost Server 8.1.0-8.1.9 - Denial of Service via Large Email Payload

Title source: llm
STIX 2.1

Description

Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit the size of the payload that can be read and parsed allowing an attacker to send a very large email payload and crash the server.

References (1)

Core 1
Core References

Scores

CVSS v3 3.1
EPSS 0.0051
EPSS Percentile 40.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-400 CWE-770
Status published
Products (3)
mattermost/mattermost 0 - 0.0.0-20240209181221-674f549daf0eGo
mattermost/mattermost-server 0 - 0.0.0-20240209181221-674f549daf0e (3 CPE variants)Go
mattermost/mattermost_server 8.1.0 - 8.1.10
Published Mar 15, 2024
Tracked Since Feb 18, 2026