CVE-2024-4182 — Improper Check for Unusual or Exceptional Conditions in Mattermost Mattermost-server

CWE-754 — Improper Check for Unusual or Exceptional Conditions6 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 58.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Mattermost Mattermost-server Mattermost Server Mattermost

Timeline

PublishedApr 26

Latest updateJun 5

Description

Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and 8.1.x before 8.1.12 fail to handle JSON parsing errors in custom status values, which allows an authenticated attacker to crash other users' web clients via a malformed custom status.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶NVDmattermost/mattermost_server8.1.0 — 8.1.12+3

▶Gogithub.com/mattermost_mattermost-server8.1.0 — 8.1.12+7

▶CVEListV5mattermost/mattermost9.5.0 — 9.5.2+3

🔴Vulnerability Details

OSV

Mattermost crashes web clients via a malformed custom status in github.com/mattermost/mattermost-server↗2024-06-05

▶

OSV

Mattermost crashes web clients via a malformed custom status↗2024-04-26

▶

CVEList

CVE-2024-4182: Mattermost versions 9↗2024-04-26

▶

GHSA

Mattermost crashes web clients via a malformed custom status↗2024-04-26

▶

📋Vendor Advisories

Red Hat

mattermost: fail to handle JSON parsing errors in custom status values↗2024-04-26

▶