Large Number of User Preferences Can Cause Denial of Service
CVE-2024-28949

6.5MEDIUM

Key Information:

Vendor

Mattermost
Status
Mattermost Server
Vendor
CVE Published:
5 April 2024

What is CVE-2024-28949?

Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service.

References

https://mattermost.com/security-updates

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.