CVE-2024-1953
Published: 2024-02-29
CVE-2024-1953: Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API…
Severity: medium, CVSS 3.1 base score 4.3
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request.
Affected (15 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 9.2.0+incompatible < 9.2.5+incompatible | 9.2.5+incompatible |
| github.com | mattermost_mattermost-server | >= 9.3.0+incompatible < 9.3.1+incompatible | 9.3.1+incompatible |
| github.com | mattermost_mattermost-server | >= 9.4.0+incompatible < 9.4.2+incompatible | 9.4.2+incompatible |
| github.com | mattermost_mattermost_server_v8 | >= 0 < 8.1.9 | 8.1.9 |
| github.com | mattermost_mattermost_server_v8 | >= 9.2.0 < 9.2.5 | 9.2.5 |
| github.com | mattermost_mattermost_server_v8 | >= 9.3.0 < 9.3.1 | 9.3.1 |
| github.com | mattermost_mattermost_server_v8 | >= 9.4.0 < 9.4.2 | 9.4.2 |
| mattermost | mattermost | — | — |
| mattermost | mattermost | 8.1.0 – 8.1.8 | — |
| mattermost | mattermost | 9.2.0 – 9.2.4 | — |
| mattermost | mattermost | 9.4.0 – 9.4.1 | — |
| mattermost | mattermost_server | — | — |
| mattermost | mattermost_server | >= 8.1.0 < 8.1.9 | 8.1.9 |
| mattermost | mattermost_server | >= 9.2.0 < 9.2.5 | 9.2.5 |
| mattermost | mattermost_server | >= 9.4.0 < 9.4.2 | 9.4.2 |