VYPR
Moderate severity · NVD Advisory · Published Apr 5, 2024 · Updated Sep 3, 2024

DoS via a large number of User Preferences

CVE-2024-28949

Description

Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, and 8.1.x before 8.1.11 do not limit the number of user preferences, which allows an attacker to send a large number of user preferences, potentially causing denial of service.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/mattermost/mattermost/server/v8 (Go) | >= 8.1.0, < 8.1.11 | 8.1.11 |
| github.com/mattermost/mattermost/server/v8 (Go) | >= 9.3.0, < 9.3.3 | 9.3.3 |
| github.com/mattermost/mattermost/server/v8 (Go) | >= 9.4.0, < 9.4.4 | 9.4.4 |
| github.com/mattermost/mattermost/server/v8 (Go) | >= 9.5.0, < 9.5.2 | 9.5.2 |
