CVE-2024-4182

Summary

Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and 8.1.x before 8.1.12 fail to handle JSON parsing errors in custom status values, which allows an authenticated attacker to crash other users' web clients via a malformed custom status.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost9.6.0affected
MattermostMattermost9.5.0 <= 9.5.2affected
MattermostMattermost9.4.0 <= 9.4.4affected
MattermostMattermost8.1.0 <= 8.1.11affected
MattermostMattermost9.7.0unaffected
MattermostMattermost9.6.1unaffected
MattermostMattermost9.5.3unaffected
MattermostMattermost9.4.5unaffected
MattermostMattermost8.1.12unaffected

Weaknesses

  • CWE-754: CWE-754: Improper Check for Unusual or Exceptional Conditions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References