{ "id": "CVE-2024-22091", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-04-26T09:15:11.880", "lastModified": "2024-11-21T08:55:33.560", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 and 8.1.x <= 8.1.11 fail to limit the size of a request path that includes user inputs which allows an attacker to cause\u00a0excessive resource\u00a0consumption, possibly leading to a DoS\u00a0via sending large request paths\n\n" }, { "lang": "es", "value": "Las versiones Mattermost 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 y 8.1.x <= 8.1.11 no limitan el tama\u00f1o de una ruta de solicitud que incluye entradas del usuario que permiten a un atacante causar un consumo excesivo de recursos, lo que posiblemente lleve a un DoS mediante el env\u00edo de grandes rutas de solicitud" } ], "metrics": { "cvssMetricV31": [ { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseScore": 3.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW" }, "exploitabilityScore": 1.6, "impactScore": 1.4 } ] }, "weaknesses": [ { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-400" } ] } ], "references": [ { "url": "https://mattermost.com/security-updates", "source": "responsibledisclosure@mattermost.com" }, { "url": "https://mattermost.com/security-updates", "source": "af854a3a-2127-422b-91ae-364da2661108" } ] }