CVE-2024-22091 Excessive resource consumption due to lack to request path size limits

2024-04-2608:24:34

CWE-400

Mattermost

www.cve.org

excessive resource

request path

size limits

mattermost

cve-2024-22091

dos

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

4.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 and 8.1.x <= 8.1.11 fail to limit the size of a request path that includes user inputs which allows an attacker to cause excessive resource consumption, possibly leading to a DoS via sending large request paths

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "8.1.10",
        "status": "affected",
        "version": "8.1.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "9.6.0"
      },
      {
        "lessThanOrEqual": "9.5.2",
        "status": "affected",
        "version": "9.5.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.1.11",
        "status": "affected",
        "version": "8.1.0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "9.7.0"
      },
      {
        "status": "unaffected",
        "version": "8.1.11"
      },
      {
        "status": "unaffected",
        "version": "9.6.1"
      },
      {
        "status": "unaffected",
        "version": "9.5.3"
      },
      {
        "status": "unaffected",
        "version": "8.1.12"
      }
    ]
  }
]