Lucene search

CVE-2024-4182

🗓️ 26 Apr 2024 08:37:25Reported by MattermostType

Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and 8.1.x before 8.1.12 fail to handle JSON parsing errors in custom status values, allowing an attacker to crash other users' web clients via a malformed custom status

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
redhatcve	CVE-2024-4182	26 Apr 202412:11	–	redhatcve
cvelist	CVE-2024-4182	26 Apr 202408:25	–	cvelist
github	Mattermost crashes web clients via a malformed custom status	26 Apr 202409:30	–	github
nvd	CVE-2024-4182	26 Apr 202409:15	–	nvd
cve	CVE-2024-4182	26 Apr 202409:15	–	cve
osv	GO-2024-2795 Mattermost crashes web clients via a malformed custom status in github.com/mattermost/mattermost-server	5 Jun 202415:10	–	osv
osv	GHSA-8F99-G2PJ-X8W3 Mattermost crashes web clients via a malformed custom status	26 Apr 202409:30	–	osv
veracode	Improper Check For Unusual Or Exceptional Conditions	29 Apr 202405:39	–	veracode

[
  {
    "cpes": [
      "cpe:2.3:a:mattermost:mattermost:-:*:*:*:*:*:*:*"
    ],
    "vendor": "mattermost",
    "product": "mattermost",
    "versions": [
      {
        "status": "affected",
        "version": "8.1",
        "versionType": "custom",
        "lessThanOrEqual": "9.7"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

26 Apr 2024 08:25Current

6.5Medium risk

Vulners AI Score6.5

CVSS34.3

EPSS0.00244

SSVC

CWE-754