Description
Mattermost fails to limit the number of role names
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request.
Packages
github.com/mattermost/mattermost/server/v8: affected >= 9.4.0, < 9.4.2; patched in 9.4.2
github.com/mattermost/mattermost/server/v8: affected >= 9.3.0, < 9.3.1; patched in 9.3.1
github.com/mattermost/mattermost/server/v8: affected >= 9.2.0, < 9.2.5; patched in 9.2.5
github.com/mattermost/mattermost/server/v8: affected < 8.1.9; patched in 8.1.9
CVSS4: 5.3 Medium
CVSS3: 4.3 Medium