CVE-2024-4183
MEDIUMMattermost 8.1.0-8.1.11, 9.6.0-rc1-9.6.0, 9.5.0-9.5.2, 9.4.0-9.4.4 - DoS via Session Table Flooding
Title source: llmDescription
Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions table.
References (1)
Core 1
Core References
Vendor Advisory
https://mattermost.com/security-updates
Scores
CVSS v3
4.3
EPSS
0.0017
EPSS Percentile
38.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-770
CWE-400
Status
published
Products (2)
mattermost/mattermost-server
9.6.0-rc1 - 9.6.1Go
mattermost/mattermost_server
8.1.0 - 8.1.12
Published
Apr 26, 2024
Tracked Since
Feb 18, 2026