CVE-2024-28949

MEDIUM

Mattermost Server 8.1.0-8.1.10, 9.3.0-9.3.2, 9.4.0-9.4.3, 9.5.0-9.5.1 - Denial of Service via Unlimited User Preferences

Title source: llm
STIX 2.1

Description

Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service.

References (1)

Core 1
Core References

Scores

CVSS v3 4.3
EPSS 0.0056
EPSS Percentile 42.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-400 CWE-770
Status published
Products (2)
mattermost/mattermost 8.1.0 - 8.1.11Go
mattermost/mattermost_server 8.1.0 - 8.1.11
Published Apr 05, 2024
Tracked Since Feb 18, 2026