CVE-2024-47003

2024-09-2608:15:06

CWE-400

[email protected]

web.nvd.nist.gov

mattermost versions

message validation

frontend crash

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

14.1%

JSON

Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend.

Affected configurations

Nvd

Node

mattermostmattermost_serverRange9.5.0–9.5.9

mattermostmattermost_serverMatch9.11.0-

mattermostmattermost_serverMatch9.11.0rc1

mattermostmattermost_serverMatch9.11.0rc2

mattermostmattermost_serverMatch9.11.0rc3

VendorProductVersionCPE
mattermostmattermost_server*cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
mattermostmattermost_server9.11.0cpe:2.3:a:mattermost:mattermost_server:9.11.0:-:*:*:*:*:*:*
mattermostmattermost_server9.11.0cpe:2.3:a:mattermost:mattermost_server:9.11.0:rc1:*:*:*:*:*:*
mattermostmattermost_server9.11.0cpe:2.3:a:mattermost:mattermost_server:9.11.0:rc2:*:*:*:*:*:*
mattermostmattermost_server9.11.0cpe:2.3:a:mattermost:mattermost_server:9.11.0:rc3:*:*:*:*:*:*

Vendor	Product	Version	CPE
mattermost	mattermost_server	*	cpe:2.3:a:mattermost:mattermost_server::::::::
mattermost	mattermost_server	9.11.0	cpe:2.3:a:mattermost:mattermost_server:9.11.0:-::::::
mattermost	mattermost_server	9.11.0	cpe:2.3:a:mattermost:mattermost_server:9.11.0:rc1::::::
mattermost	mattermost_server	9.11.0	cpe:2.3:a:mattermost:mattermost_server:9.11.0:rc2::::::
mattermost	mattermost_server	9.11.0	cpe:2.3:a:mattermost:mattermost_server:9.11.0:rc3::::::