{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-28053", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2024-03-14T09:38:07.478Z", "datePublished": "2024-03-15T09:08:04.993Z", "dateUpdated": "2024-03-15T09:08:04.993Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "8.1.9", "status": "affected", "version": "8.1.0", "versionType": "semver"}, {"status": "unaffected", "version": "9.5.0"}, {"status": "unaffected", "version": "8.1.10"}]}], "credits": [{"lang": "en", "type": "finder", "value": ". (themarkib0x0)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit&nbsp;the size of the payload that can be read and parsed allowing an attacker to send a&nbsp;very large email payload and crash the server.</p>"}], "value": "Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit\u00a0the size of the payload that can be read and parsed allowing an attacker to send a\u00a0very large email payload and crash the server.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2024-03-15T09:08:04.993Z"}, "references": [{"url": "https://mattermost.com/security-updates"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Update Mattermost Server to versions 9.5.0, 8.1.10 or higher.</p>"}], "value": "Update Mattermost Server to versions 9.5.0, 8.1.10 or higher.\n\n"}], "source": {"advisory": "MMSA-2023-00287", "defect": ["https://mattermost.atlassian.net/browse/MM-55968"], "discovery": "EXTERNAL"}, "title": "Resource Exhaustion via the Invitation Feature", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"descriptions": [{"lang": "en", "value": "Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit\u00a0the size of the payload that can be read and parsed allowing an attacker to send a\u00a0very large email payload and crash the server.\n\n"}, {"lang": "es", "value": "El agotamiento de recursos en las versiones 8.1.x anteriores a 8.1.10 de Mattermost Server no limita el tama\u00f1o del payload que se puede leer y analizar, lo que permite a un atacante enviar un payload de correo electr\u00f3nico muy grande y bloquear el servidor."}], "id": "CVE-2024-28053", "lastModified": "2024-03-15T12:53:06.423", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}, "published": "2024-03-15T09:15:07.293", "references": [{"source": "responsibledisclosure@mattermost.com", "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}

{}