Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by sending a specially crafted request to Playbooks.
Fixes

Solution

Update Mattermost to versions 10.0.0, 9.10.3, 9.11.2, 9.5.10 or higher.


Workaround

No workaround given by the vendor.

References
History

Mon, 29 Sep 2025 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Mattermost mattermost Server
CPEs cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
Vendors & Products Mattermost mattermost Server

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00114}

epss

{'score': 0.0013}


Tue, 29 Oct 2024 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 29 Oct 2024 08:30:00 +0000

Type Values Removed Values Added
Description Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by sending a specially crafted request to Playbooks.
Title DoS via Amplified GraphQL Response in Playbooks
Weaknesses CWE-770
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Mattermost

Published:

Updated: 2024-10-29T12:52:04.161Z

Reserved: 2024-10-21T16:12:47.128Z

Link: CVE-2024-47401

cve-icon Vulnrichment

Updated: 2024-10-29T12:51:59.230Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-29T09:15:07.753

Modified: 2025-09-29T14:47:01.637

Link: CVE-2024-47401

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-13T11:22:06Z