Unrated severityNVD Advisory· Published Aug 22, 2024· Updated Aug 22, 2024
Server crash via Elasticsearch certificate file
CVE-2024-39810
Description
Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the connection, cause the application to crash.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
29.5.x <= 9.5.7, 9.10.x <= 9.10.0+ 1 more
- (no CPE)range: 9.5.x <= 9.5.7, 9.10.x <= 9.10.0
- (no CPE)range: 9.5.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.