CVE-2024-28053: Uncontrolled Resource Consumption in Mattermost Mattermost-server

Severity
6.5 MEDIUM (NVD)
CNA: CVSS 3.1
EPSS
0.1% (top 72.97%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 15
Latest update: Dec 18

Description

Mattermost Server versions 8.1.x before 8.1.10 fail to limit the size of the payload that is read and parsed, allowing a low-privileged authenticated user (PR:L in the CVSS vector) to send a very large email payload through the invitation feature and crash the server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6
Network-reachable, low attack complexity, low privileges required, no user interaction, unchanged scope; no confidentiality or integrity impact, high availability impact (server crash).
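The weakness class described above, as an added Go example that is not Mattermost's code and does not reproduce the actual vulnerable handler: a hypothetical "invite by email" endpoint shown once with an unbounded io.ReadAll of the request body, and once with the body wrapped in http.MaxBytesReader so that a low-privileged caller cannot force the server to buffer an arbitrarily large payload. The endpoint path, the invitePayload schema, the 64 KiB limit and the constructed oversized payload are all assumptions for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// invitePayload is a hypothetical body for an "invite users by email" endpoint.
// Illustration only; it is not Mattermost's real request schema.
type invitePayload struct {
	Emails []string `json:"emails"`
}

// MaxInviteBodyBytes caps how much of the request body is ever read. The value
// is an assumption for the example; size it to the largest legitimate payload.
const MaxInviteBodyBytes int64 = 64 * 1024

var errTooLarge = errors.New("request body exceeds limit")

// parseUnbounded is the weak pattern: io.ReadAll grows a buffer to whatever the
// client sends, so one authenticated user can exhaust server memory.
func parseUnbounded(r *http.Request) (*invitePayload, error) {
	data, err := io.ReadAll(r.Body)
	if err != nil {
		return nil, err
	}
	var p invitePayload
	if err := json.Unmarshal(data, &p); err != nil {
		return nil, err
	}
	return &p, nil
}

// parseBounded is the hardened form: http.MaxBytesReader stops reads after
// MaxInviteBodyBytes, and the JSON decoder streams from the wrapped reader
// instead of buffering the whole body first. Over-limit bodies map to errTooLarge.
func parseBounded(w http.ResponseWriter, r *http.Request) (*invitePayload, error) {
	r.Body = http.MaxBytesReader(w, r.Body, MaxInviteBodyBytes)
	var p invitePayload
	if err := json.NewDecoder(r.Body).Decode(&p); err != nil {
		var mbe *http.MaxBytesError
		if errors.As(err, &mbe) {
			return nil, errTooLarge
		}
		return nil, err
	}
	return &p, nil
}

// inviteHandler builds a handler around either parser (hypothetical endpoint;
// authentication and the real server's routing are out of scope here).
func inviteHandler(bounded bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var p *invitePayload
		var err error
		if bounded {
			p, err = parseBounded(w, r)
		} else {
			p, err = parseUnbounded(r)
		}
		switch {
		case errors.Is(err, errTooLarge):
			http.Error(w, "payload too large", http.StatusRequestEntityTooLarge)
		case err != nil:
			http.Error(w, "bad request", http.StatusBadRequest)
		default:
			fmt.Fprintf(w, "invited %d addresses\n", len(p.Emails))
		}
	})
}

// postInvite sends an in-process POST and returns the status code, so the two
// parsers can be compared without a network listener.
func postInvite(h http.Handler, body string) int {
	req := httptest.NewRequest(http.MethodPost, "/api/v4/invite", strings.NewReader(body))
	req.Header.Set("Content-Type", "application/json")
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

// oversizedInvite is a constructed payload: valid JSON, but roughly 260 KB,
// standing in for the "very large email payload" in the advisory.
func oversizedInvite() string {
	addr := strings.Repeat("a", 1000) + "@example.com"
	emails := make([]string, 256)
	for i := range emails {
		emails[i] = addr
	}
	b, _ := json.Marshal(invitePayload{Emails: emails})
	return string(b)
}

func main() {
	small := `{"emails":["alice@example.com","bob@example.com"]}`
	fmt.Println("unbounded/small:", postInvite(inviteHandler(false), small))
	fmt.Println("unbounded/oversized:", postInvite(inviteHandler(false), oversizedInvite()))
	fmt.Println("bounded/small:", postInvite(inviteHandler(true), small))
	fmt.Println("bounded/oversized:", postInvite(inviteHandler(true), oversizedInvite()))
}
```

The unbounded handler accepts the oversized body with 200 after allocating all of it; the bounded handler answers 413 having read at most the limit plus one byte. A per-request cap like this belongs at the edge (reverse proxy or server-wide body limit) as well as on each parsing endpoint, because any one unguarded handler reintroduces the problem.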

Affected Packages (6 packages)

Ecosystem | Package | Introduced | Fixed
NVD | mattermost/mattermost_server | 8.1.0 | 8.1.10
Go | github.com/mattermost/mattermost-server | (all earlier) | 0.0.0-20240209181221-674f549daf0e
Go | github.com/mattermost/mattermost-server/v5 | (all earlier) | 0.0.0-20240209181221-674f549daf0e
Go | github.com/mattermost/mattermost-server/v6 | (all earlier) | 0.0.0-20240209181221-674f549daf0e
Go | github.com/mattermost/mattermost/server/v8 | (all earlier) | 0.0.0-20240209181221-674f549daf0e

The Go rows are affected for every pseudo-version below 0.0.0-20240209181221-674f549daf0e, the commit that carries the fix.

Vulnerability Details (4 references)

OSV: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server (2024-12-18)
CVEList: Resource Exhaustion via the Invitation Feature (2024-03-15)
OSV: Mattermost Server Resource Exhaustion (2024-03-15)
GHSA: Mattermost Server Resource Exhaustion (2024-03-15)
CVE-2024-28053 — Uncontrolled Resource Consumption | cvebase