Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-28949


Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service.


Published

2024-04-05T09:15:09.497

Last Modified

2024-12-12T21:38:08.237

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-400
  • Type: Primary
    CWE-770

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application mattermost mattermost_server < 8.1.11 Yes
Application mattermost mattermost_server < 9.3.3 Yes
Application mattermost mattermost_server < 9.4.4 Yes
Application mattermost mattermost_server < 9.5.2 Yes

References