216.73.216.86

CVE-2024-47003

· Published 26/09/2024 08:15 · Modified 26/09/2024 18:42

Labels: CVE-2024-47003 2024-09-26CVE-2024-47003CWE-400NVD-CWE-noinfo[email protected]

Essential information

Published
26/09/2024 08:15
Modified
26/09/2024 18:42
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
mattermost / mattermost server cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
mattermost / mattermost server cpe:2.3:a:mattermost:mattermost_server:9.11.0:-:*:*:*:*:*:*
mattermost / mattermost server cpe:2.3:a:mattermost:mattermost_server:9.11.0:rc1:*:*:*:*:*:*
mattermost / mattermost server cpe:2.3:a:mattermost:mattermost_server:9.11.0:rc2:*:*:*:*:*:*
mattermost / mattermost server cpe:2.3:a:mattermost:mattermost_server:9.11.0:rc3:*:*:*:*:*:*

References