CVE-2024-54682

🗓️ 16 Dec 2024 08:03:44Reported by MattermostType

Mattermost versions allow DoS via zip bomb due to file size limit failure on slack imports.

Reporter	Title	Published	Views	Family All 23
Circl	CVE-2024-54682	16 Dec 202408:13	–	circl
CNNVD	Mattermost 安全漏洞	16 Dec 202400:00	–	cnnvd
CNVD	Mattermost Denial of Service Vulnerability (CNVD-2025-12636)	7 Jan 202500:00	–	cnvd
Cvelist	CVE-2024-54682 Zipbomb DoS via Missing Slack Import Validation	16 Dec 202408:03	–	cvelist
EUVD	EUVD-2024-3533	3 Oct 202520:07	–	euvd
Github Security Blog	Mattermost Data Amplification vulnerability	16 Dec 202409:31	–	github
Tenable Nessus	Mattermost Server 9.5.x < 9.5.13, 9.11.x < 9.11.5, 10.0.x < 10.0.3, 10.1.x < 10.1.3, 10.2.0 (MMSA-2024-00388, MMSA-2024-00392)	20 Dec 202400:00	–	nessus
NVD	CVE-2024-54682	16 Dec 202408:15	–	nvd
OPENSUSE Linux	govulncheck-vulndb-0.0.20241218T202206-1.1 on GA media (moderate)	20 Dec 202400:00	–	opensuse
OSV	CVE-2024-54682	16 Dec 202408:15	–	osv

NVD

Node

mattermost mattermost_serverRange9.5.0–9.5.13

mattermost mattermost_serverRange9.11.0–9.11.5

mattermost mattermost_serverRange10.0.0–10.0.3

mattermost mattermost_serverRange10.1.0–10.1.3

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "10.1.2",
        "status": "affected",
        "version": "10.1.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.0.2",
        "status": "affected",
        "version": "10.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.11.4",
        "status": "affected",
        "version": "9.11.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.5.12",
        "status": "affected",
        "version": "9.5.0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "10.2.0"
      },
      {
        "status": "unaffected",
        "version": "10.1.3"
      },
      {
        "status": "unaffected",
        "version": "10.0.3"
      },
      {
        "status": "unaffected",
        "version": "9.11.5"
      },
      {
        "status": "unaffected",
        "version": "9.5.13"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

30 Sep 2025 15:50Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.14.9 - 6.5

EPSS0.00197

SSVC

CWE-409