Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1tY3c2LTMyNTYtNjRnZ84AA6qB

Mattermost Server doesn't limit the number of user preferences

Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service.

Permalink: https://github.com/advisories/GHSA-mcw6-3256-64gg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tY3c2LTMyNTYtNjRnZ84AA6qB
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 28 days ago
Updated: 28 days ago

CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Identifiers: GHSA-mcw6-3256-64gg, CVE-2024-28949
References:

Repository: https://github.com/mattermost/mattermost
Blast Radius: 0.0

Affected Packages

go:github.com/mattermost/mattermost/server/v8

Dependent packages: 2
Dependent repositories: 1
Downloads:
Affected Version Ranges: >= 9.5.0, < 9.5.2, >= 9.4.0, < 9.4.4, >= 9.3.0, < 9.3.3, >= 8.1.0, < 8.1.11
Fixed in: 9.5.2, 9.4.4, 9.3.3, 8.1.11
All affected versions:
All unaffected versions: