Launch Week Day 1: Announcing Security Design Review
Start for Free
MEDIUM 4.3 Go

Mattermost Server doesn't limit the number of user preferences

GHSA-mcw6-3256-64gg · BIT-mattermost-2024-28949 · CVE-2024-28949 · GO-2024-2695

Published · Modified

Description

Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes