CVE-2024-2446

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Mar 15, 2024

CWE ID 94

CWE ID 352

Summary

CVE-2024-2446 is a vulnerability affecting Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3. This issue enables an authenticated attacker to send large, crafted messages containing an excessive number of @-mentions. While processing these malicious messages, the client applications of other users will crash, causing disruption and potential downtime.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uRomPP
https://www.cve.org/CVERecord?id=CVE-2024-2446
https://nvd.nist.gov/vuln/detail/CVE-2024-2446

Back to Vulnerability Database

CVE-2024-2446

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations