We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-47401

DoS via Amplified GraphQL Response in Playbooks



AssignerMattermost
Reserved2024-10-21
Published2024-10-29
Updated2024-10-29

Description

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by sending a specially crafted request to Playbooks.



MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Product status

Default status
unaffected

9.10.0
affected

9.11.0
affected

9.5.0
affected

10.0.0
unaffected

9.10.3
unaffected

9.11.2
unaffected

9.5.10
unaffected

Credits

DoyenSec finder

References

https://mattermost.com/security-updates

cve.org CVE-2024-47401

nvd.nist.gov CVE-2024-47401

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-47401
Subscribe to our newsletter to learn more about our work.