BIT-mattermost-2024-47003

Import Source: https://github.com/bitnami/vulndb/tree/main/data/mattermost/BIT-mattermost-2024-47003.json
JSON Data: https://api.osv.dev/v1/vulns/BIT-mattermost-2024-47003
Aliases:
Published: 2024-09-27T07:19:54.937Z
Modified: 2024-10-10T15:58:52.648609Z
Summary: [none]
Details

Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend.

References

Affected packages

Bitnami / mattermost

Package

Name: mattermost
Purl: pkg:bitnami/mattermost

Severity

  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected ranges

Type: SEMVER
Events:
  • Introduced: 9.5.0
  • Fixed: 9.5.9

Type: SEMVER
Events:
  • Introduced: 9.11.0
  • Last affected: 9.11.0
  • Introduced: 9.11.0-rc1
  • Last affected: 9.11.0-rc1
  • Introduced: 9.11.0-rc2
  • Last affected: 9.11.0-rc2
  • Introduced: 9.11.0-rc3
  • Last affected: 9.11.0-rc3