Moderate severity · NVD Advisory · Published Apr 5, 2024 · Updated Sep 3, 2024
DoS via a large number of User Preferences
CVE-2024-28949
Description
Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, and 8.1.x before 8.1.11 don't limit the number of user preferences, which allows an attacker to send a large number of user preferences, potentially causing denial of service.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/mattermost/mattermost/server/v8 (Go) | >= 8.1.0, < 8.1.11 | 8.1.11 |
| github.com/mattermost/mattermost/server/v8 (Go) | >= 9.3.0, < 9.3.3 | 9.3.3 |
| github.com/mattermost/mattermost/server/v8 (Go) | >= 9.4.0, < 9.4.4 | 9.4.4 |
| github.com/mattermost/mattermost/server/v8 (Go) | >= 9.5.0, < 9.5.2 | 9.5.2 |
Affected products
- osv-coords (2 versions): >= 8.1.0, < 8.1.11 (+ 1 more)
- (no CPE) range: >= 8.1.0, < 8.1.11
- (no CPE) range: >= 8.1.0, < 8.1.11
- Range: 9.5.0
References
- github.com/advisories/GHSA-mcw6-3256-64gg (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-28949 (ghsa, ADVISORY)
- github.com/mattermost/mattermost/commit/11a21f4da352a472a09de3b8e125514750a6619a (ghsa, WEB)
- github.com/mattermost/mattermost/commit/362b7d29d35c00fe80721d3d47442a4f3168eb2b (ghsa, WEB)
- github.com/mattermost/mattermost/commit/5632d6b4ff6d019a21bb8ddd037d4a931cd85ae2 (ghsa, WEB)
- github.com/mattermost/mattermost/commit/88f9285173dc4cb35fa19a8b8604e098a567f704 (ghsa, WEB)
- mattermost.com/security-updates (ghsa, WEB)
- pkg.go.dev/vuln/GO-2024-2695 (ghsa, WEB)
- mattermost/mattermost (ghsa, PACKAGE)