CVE-2024-39810
CVSS 3.1 Score 4.9 of 10 (medium)
Details
Summary
CVE-2024-39810 affects Mattermost versions 9.5.x up to 9.5.7 and 9.10.x up to 9.10.0. The ElasticSearch configuration does not impose time or size limits when reading the file given as the CA path, so a System Role with access to the ElasticSearch system console can set the CA path to any file on the server; testing the connection against an unsuitable file such as /dev/zero can crash the application. The vulnerability is rated medium severity (CVSS score of 4.9): it requires high privileges but has low attack complexity, is reachable over the network, and needs no user interaction. Organizations running the affected Mattermost versions should remediate by updating to the fixed releases listed in Mattermost's security updates. Left unaddressed, the flaw can have a significant availability impact, causing outages or downtime for users.
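As an added illustration (not Mattermost's code and not a description of its actual fix), the Go helper below shows the hardened way to read an operator-supplied CA path: stat first and refuse anything that is not a regular file, cap the read with io.LimitReader, and require a PEM CERTIFICATE block before the bytes reach a TLS config. The constant and function names are assumptions.

```go
package main

import (
	"encoding/pem"
	"errors"
	"fmt"
	"io"
	"os"
)

// maxCAFileBytes caps the read: a PEM CA bundle is a few KiB, so 1 MiB is plenty.
const maxCAFileBytes = 1 << 20
var ErrNotRegularFile = errors.New("CA path is not a regular file")
var ErrTooLarge = errors.New("CA file exceeds size limit")
var ErrNoCertificate = errors.New("CA file contains no CERTIFICATE block")

// boundedReadCA is the hardened replacement for a plain os.ReadFile(path), which
// reads until EOF and so consumes a device such as /dev/zero until memory runs out.
// It refuses non-regular files, reads at most maxCAFileBytes, and requires a PEM
// CERTIFICATE block. (Illustrative helper, not Mattermost's own code.)
func boundedReadCA(path string) ([]byte, error) {
	fi, err := os.Stat(path) // follows symlinks, so a link to a device is caught too
	if err != nil {
		return nil, err
	}
	if !fi.Mode().IsRegular() { // /dev/zero is a character device: rejected here
		return nil, ErrNotRegularFile
	}
	f, err := os.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	data, err := io.ReadAll(io.LimitReader(f, maxCAFileBytes+1)) // one past the cap catches growth since Stat
	if err != nil {
		return nil, err
	}
	if len(data) > maxCAFileBytes {
		return nil, ErrTooLarge
	}
	if block, _ := pem.Decode(data); block == nil || block.Type != "CERTIFICATE" {
		return nil, ErrNoCertificate
	}
	return data, nil
}

func main() {
	_, err := boundedReadCA("/dev/zero")
	fmt.Println("/dev/zero:", err) // prints "/dev/zero: CA path is not a regular file"
}
```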