Unrated severityNVD Advisory· Published Aug 22, 2024· Updated Aug 22, 2024

Server crash via Elasticsearch certificate file

CVE-2024-39810

Description

Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the connection, cause the application to crash.

Affected products

Mattermost/Mattermostv5
Range: 9.5.0

Patches

43355fe32a95

https://github.com/mattermost/mattermost-servervia osv

23993132c67b

https://github.com/mattermost/mattermost-servervia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

mattermost.com/security-updatesmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000