CVE-2024-39810

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published: Aug 22, 2024
Updated: Aug 23, 2024
CWE ID 400

Summary

CVE-2024-39810 affects Mattermost versions 9.5.x up to 9.5.7 and 9.10.x up to 9.10.0. The ElasticSearch configuration does not impose time or size limits when reading the file given as the CA path, so a System Role with access to the ElasticSearch system console can specify any file as the CA path; testing the connection against an inappropriate file such as /dev/zero can then crash the application. The vulnerability is rated medium severity (CVSS score 4.9): it is exploitable over the network with low attack complexity and no user interaction, but requires high privileges. Organizations running the affected Mattermost versions should update to the fixed releases listed in Mattermost's security updates. Left unaddressed, the flaw has significant availability impact, and exploitation can cause system outages or downtime for users.
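As an added defensive example (not Mattermost's own code), the following Go helper shows how a service can load an operator-supplied CA path without the failure mode described above: it refuses non-regular files such as /dev/zero and bounds the read. The 1 MiB cap, the function name loadCAPool and the error values are assumptions for this illustration.

```go
package main

import (
	"crypto/x509"
	"errors"
	"fmt"
	"io"
	"os"
)

// maxCAFileSize is an assumed cap for a CA bundle (1 MiB); real bundles are far smaller.
const maxCAFileSize = 1 << 20
var errNotRegular = errors.New("ca path is not a regular file")
var errTooLarge = errors.New("ca path exceeds size limit")

// loadCAPool reads an operator-supplied CA path defensively: it rejects anything that is
// not a regular file (device nodes such as /dev/zero, FIFOs, directories) and bounds the
// read with io.LimitReader, so an unbounded or endless file cannot exhaust memory or stall.
func loadCAPool(path string) (*x509.CertPool, error) {
	info, err := os.Stat(path)
	if err != nil {
		return nil, err
	}
	if !info.Mode().IsRegular() {
		return nil, fmt.Errorf("%w: %s (%v)", errNotRegular, path, info.Mode().Type())
	}
	f, err := os.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	// Read one byte past the cap so an oversized file is detected, whatever Stat reported.
	data, err := io.ReadAll(io.LimitReader(f, maxCAFileSize+1))
	if err != nil {
		return nil, err
	}
	if len(data) > maxCAFileSize {
		return nil, fmt.Errorf("%w: %s", errTooLarge, path)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(data) {
		return nil, fmt.Errorf("no PEM certificates found in %s", path)
	}
	return pool, nil
}

func main() {
	_, err := loadCAPool("/dev/zero") // the device named in the advisory
	fmt.Println("loadCAPool(/dev/zero):", err)
}
```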
