Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions table.
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2024-04-26T08:25:47.088Z
Updated: 2024-08-01T20:33:52.871Z
Reserved: 2024-04-25T14:18:54.310Z
Link: CVE-2024-4183
Vulnrichment
Updated: 2024-08-01T20:33:52.871Z
NVD
Status: Awaiting Analysis
Published: 2024-04-26T09:15:12.717
Modified: 2024-04-26T12:58:17.720
Link: CVE-2024-4183