- Description: Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to limit the file size for Slack import file uploads, which allows a user to cause a DoS via zip bomb by importing data in a team where they are a team admin.
- Source: responsibledisclosure@mattermost.com
- NVD status: Received

CVSS 3.1
- Type: Secondary
- Base score: 6.5
- Impact score: 3.6
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Severity: MEDIUM

- responsibledisclosure@mattermost.com: CWE-409
- Hype score: Not currently trending

CVE-2024-54682 DoS via Zip Bomb in Mattermost Team Admin Slack Imports In Mattermost versions 10.1.x up to 10.1.2, 10.0.x up to 10.0.2, 9.11.x up to 9.11.4, and 9.5.x up to 9.5.12, there is a problem with file si... https://t.co/oZRE0MMa5Y
@VulmonFeeds
16 Dec 2024
CVE-2024-54682 Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to limit the file size for slack import file uploads which allows a use… https://t.co/EhkURl5mx8
@CVEnew
16 Dec 2024