CVE-2024-47003

CVSS 3.1 Score 3.1 of 10 (low)

Details

Published Sep 26, 2024
CWE ID 400

Summary

CVE-2024-47003 affects Mattermost versions 9.11.x (up to 9.11.0) and 9.5.x (up to 9.5.8). These versions fail to properly validate permalink post messages, which allows attackers to submit non-string values that can crash the frontend. The vulnerability is rated low severity, with an exploitability score of 1.6: it requires low privileges and no user interaction, but attack complexity is high, and it could lead to resource exhaustion. The potential danger is service disruption from frontend crashes; there is no impact on the confidentiality or integrity of data. Organizations using the affected versions are advised to upgrade to patched releases. For further information, see the vendor advisory on Mattermost's security updates page.
