Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:45432
HistoryFeb 12, 2024 - 6:42 a.m.

Denial Of Service (DoS)

2024-02-1206:42:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
mattermost
denial of service
vulnerability
custom emojis
mobile app

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

6.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Mattermost is vulnerable to Denial of Service (DoS). The vulnerability is caused due to the lack of validation for custom emoji reactions. This allows an attacker to send a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post.

Related

cnvd 1
osv 4
cve 1
prion 1
nessus 1
cvelist 1
nvd 1
vulnrichment 1
github 1
cnvd
cnvd
Mattermost Resource Management Error Vulnerability (CNVD-2024-09865)
2024-02-22 00:00:00
osv
osv
CVE-2024-1402
2024-02-09 16:15:07
BIT-mattermost-2024-1402
2024-03-06 10:56:11
CGA-xjf7-9r4q-527v
2024-06-24 14:34:07
cve
cve
CVE-2024-1402
2024-02-09 16:15:07
prion
prion
Code injection
2024-02-09 16:15:00
nessus
nessus
Mattermost Server < 8.1.8 / 9.x < 9.1.5 / 9.2.x < 9.2.4 (MMSA-2023-00276)
2024-02-14 00:00:00
cvelist
cvelist
CVE-2024-1402 Denial of service in mattermost mobile apps and server via emoji reactions
2024-02-09 15:09:18
nvd
nvd
CVE-2024-1402
2024-02-09 16:15:07
vulnrichment
vulnrichment
CVE-2024-1402 Denial of service in mattermost mobile apps and server via emoji reactions
2024-02-09 15:09:18
github
github
Mattermost vulnerable to denial of service via large number of emoji reactions
2024-02-09 18:31:07

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

6.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON
Related for VERACODE:45432
cnvd1osv4cve1prion1nessus1cvelist1nvd1vulnrichment1github1