CVE-2024-54682 Zipbomb DoS via Missing Slack Import Validation

🗓️ 16 Dec 2024 08:03:44Reported by MattermostType

DoS vulnerability in Mattermost allows zip bomb attack through unchecked file size in imports.

Reporter	Title	Published	Views	Family All 22
Circl	CVE-2024-54682	16 Dec 202408:13	–	circl
CNNVD	Mattermost 安全漏洞	16 Dec 202400:00	–	cnnvd
CNVD	Mattermost Denial of Service Vulnerability (CNVD-2025-12636)	7 Jan 202500:00	–	cnvd
CVE	CVE-2024-54682	16 Dec 202408:03	–	cve
EUVD	EUVD-2024-3533	3 Oct 202520:07	–	euvd
Github Security Blog	Mattermost Data Amplification vulnerability	16 Dec 202409:31	–	github
Tenable Nessus	Mattermost Server 9.5.x < 9.5.13, 9.11.x < 9.11.5, 10.0.x < 10.0.3, 10.1.x < 10.1.3, 10.2.0 (MMSA-2024-00388, MMSA-2024-00392)	20 Dec 202400:00	–	nessus
NVD	CVE-2024-54682	16 Dec 202408:15	–	nvd
OPENSUSE Linux	govulncheck-vulndb-0.0.20241218T202206-1.1 on GA media (moderate)	20 Dec 202400:00	–	opensuse
OSV	GHSA-V647-H8JJ-FW5R Mattermost Data Amplification vulnerability	16 Dec 202409:31	–	osv

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "10.1.2",
        "status": "affected",
        "version": "10.1.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.0.2",
        "status": "affected",
        "version": "10.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.11.4",
        "status": "affected",
        "version": "9.11.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.5.12",
        "status": "affected",
        "version": "9.5.0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "10.2.0"
      },
      {
        "status": "unaffected",
        "version": "10.1.3"
      },
      {
        "status": "unaffected",
        "version": "10.0.3"
      },
      {
        "status": "unaffected",
        "version": "9.11.5"
      },
      {
        "status": "unaffected",
        "version": "9.5.13"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

16 Dec 2024 08:03Current

CVSS 3.16.5

EPSS0.00409

CWE-409