Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input.
References
History

Wed, 15 Jan 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 15 Jan 2025 16:00:00 +0000

Type Values Removed Values Added
Description Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input.
Title WebApp crash via improper validation of proto style in attachments
Weaknesses CWE-704
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2025-01-15T15:51:49.474Z

Updated: 2025-01-15T16:20:11.778Z

Reserved: 2025-01-15T15:30:33.435Z

Link: CVE-2025-21088

cve-icon Vulnrichment

Updated: 2025-01-15T16:19:05.431Z

cve-icon NVD

Status : Received

Published: 2025-01-15T16:15:32.413

Modified: 2025-01-15T16:15:32.413

Link: CVE-2025-21088

cve-icon Redhat

No data.