Mattermost Server 9.5.x < 9.5.8 / 9.10.x < 9.10.1 (MMSA-2024-00359)

The version of Mattermost Server installed on the remote host is prior to 9.5.8 or 9.10.1. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00359 advisory. - Mattermost versions 9.5.x = 9.5.7 and 9.10.x = 9.10.0 fail to time limit and size limit the CA path file in the...

CVE-2024-39810 Server crash via Elasticsearch certificate file

Mattermost versions 9.5.x = 9.5.7 and 9.10.x = 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the...

PT-2024-28680 · Unknown · Mattermost +1

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.7 Mattermost versions 9.10.x through 9.10.0 Description: The issue arises from the failure to time limit and size limit the CA path file in the ElasticSearch configuration. This allows a System Role with...