VYPR
Unrated severityNVD Advisory· Published Aug 22, 2024· Updated Aug 22, 2024

Server crash via Elasticsearch certificate file

CVE-2024-39810

Description

Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the connection, cause the application to crash.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Mattermost/Mattermostllm-fuzzy2 versions
    9.5.x <= 9.5.7, 9.10.x <= 9.10.0+ 1 more
    • (no CPE)range: 9.5.x <= 9.5.7, 9.10.x <= 9.10.0
    • (no CPE)range: 9.5.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.