CVE-2024-54083

Published Dec 16, 2024

Last updated 2 months ago

CVSS medium 6.5

Overview

Description: Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side (webapp and mobile) DoS to users of particular channels, by sending a specially crafted post.
Source: responsibledisclosure@mattermost.com
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

responsibledisclosure@mattermost.com: CWE-1287

Hype score: Not currently trending

CVE-2024-54083 Client-Side DoS Vulnerability in Mattermost Mobile and Web Apps Mattermost versions, from 10.1.0 to 10.1.2, 10.0.0 to 10.0.2, 9.11.0 to 9.11.4, and 9.5.0 to 9.5.12, do not check the type of callPro... https://t.co/GofPahvlY6
@VulmonFeeds
16 Dec 2024
77 Impressions
2 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes

References