CVE-2024-4183

{"id": "CVE-2024-4183", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "responsibledisclosure@mattermost.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-04-26T09:15:12.717", "references": [{"url": "https://mattermost.com/security-updates", "source": "responsibledisclosure@mattermost.com"}, {"url": "https://mattermost.com/security-updates", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "responsibledisclosure@mattermost.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions table.\n\n"}, {"lang": "es", "value": "Las versiones de Mattermost 8.1.x anteriores a 8.1.12, 9.6.x anteriores a 9.6.1, 9.5.x anteriores a 9.5.3, 9.4.x anteriores a 9.4.5 no limitan el n\u00famero de sesiones activas, lo que permite que un atacante autenticado falle el servidor a trav\u00e9s de solicitudes repetidas a la API getSessions despu\u00e9s de inundar la tabla de sesiones."}], "lastModified": "2024-11-21T09:42:20.870", "sourceIdentifier": "responsibledisclosure@mattermost.com"}