CVE-2024-1953

Source
https://cve.org/CVERecord?id=CVE-2024-1953
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1953.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-1953
Aliases
Related
Published
2024-02-29T11:15:08.413Z
Modified
2026-03-14T12:30:52.472575Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
[none]
Details

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request.

References

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type
GIT
Repo
https://github.com/mattermost/mattermost-server
Events
Database specific
{
    "versions": [
        {
            "introduced": "8.1.0"
        },
        {
            "fixed": "8.1.9"
        },
        {
            "introduced": "9.2.0"
        },
        {
            "fixed": "9.2.5"
        },
        {
            "introduced": "9.4.0"
        },
        {
            "fixed": "9.4.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.0"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1953.json"