{ "id": "CVE-2024-47401", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-10-29T09:15:07.753", "lastModified": "2024-10-29T14:34:04.427", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to\u00a0prevent detailed error messages from being displayed\u00a0in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by sending a specially crafted request to Playbooks." }, { "lang": "es", "value": "Las versiones 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 y 9.5.x <= 9.5.9 de Mattermost no evitan que se muestren mensajes de error detallados en Playbooks, lo que permite a un atacante generar una respuesta grande y causar una respuesta GraphQL amplificada que, a su vez, podr\u00eda provocar que la aplicaci\u00f3n se bloquee al enviar una solicitud especialmente manipulada a Playbooks." } ], "metrics": { "cvssMetricV31": [ { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW" }, "exploitabilityScore": 2.8, "impactScore": 1.4 } ] }, "weaknesses": [ { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-770" } ] } ], "references": [ { "url": "https://mattermost.com/security-updates", "source": "responsibledisclosure@mattermost.com" } ] }