ghsa-p2wq-4ggp-45f3
Vulnerability from github
Published
2024-04-26 09:30
Modified
2024-04-26 19:11
Severity ?
Summary
Mattermost fails to limit the size of a request path
Details
Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 and 8.1.x <= 8.1.11 fail to limit the size of a request path that includes user inputs which allows an attacker to cause excessive resource consumption, possibly leading to a DoS via sending large request paths
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.1.11"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-server"
},
"ranges": [
{
"events": [
{
"introduced": "8.1.0"
},
{
"fixed": "8.1.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.5.2"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-server"
},
"ranges": [
{
"events": [
{
"introduced": "9.5.0"
},
{
"fixed": "9.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.6.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-server"
},
"ranges": [
{
"events": [
{
"introduced": "9.6.0-rc1"
},
{
"fixed": "9.6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-22091"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-26T19:11:28Z",
"nvd_published_at": "2024-04-26T09:15:11Z",
"severity": "LOW"
},
"details": "Mattermost versions 8.1.x \u003c= 8.1.10, 9.6.x \u003c= 9.6.0, 9.5.x \u003c= 9.5.2 and 8.1.x \u003c= 8.1.11 fail to limit the size of a request path that includes user inputs which allows an attacker to cause\u00a0excessive resource\u00a0consumption, possibly leading to a DoS\u00a0via sending large request paths\n\n",
"id": "GHSA-p2wq-4ggp-45f3",
"modified": "2024-04-26T19:11:28Z",
"published": "2024-04-26T09:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22091"
},
{
"type": "WEB",
"url": "https://github.com/mattermost/mattermost/commit/13049d8b16b195f98246dff4812b5f64c1e5a627"
},
{
"type": "WEB",
"url": "https://github.com/mattermost/mattermost/commit/49e7c477246e31c7a0bd85c1043599121755b260"
},
{
"type": "WEB",
"url": "https://github.com/mattermost/mattermost/commit/54478f2ccbc6c4f110706966adfe0db2c16a566c"
},
{
"type": "WEB",
"url": "https://github.com/mattermost/mattermost/commit/f6d320017549ec66efb5fdd4bc10b66ab36abb70"
},
{
"type": "PACKAGE",
"url": "https://github.com/mattermost/mattermost"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Mattermost fails to limit the size of a request path"
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.