CVE-2024-4182

{"id": "CVE-2024-4182", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "responsibledisclosure@mattermost.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-04-26T09:15:12.523", "references": [{"url": "https://mattermost.com/security-updates", "source": "responsibledisclosure@mattermost.com"}, {"url": "https://mattermost.com/security-updates", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "responsibledisclosure@mattermost.com", "description": [{"lang": "en", "value": "CWE-754"}]}], "descriptions": [{"lang": "en", "value": "Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and 8.1.x before 8.1.12 fail to handle JSON parsing errors in custom status values, which allows an authenticated attacker to crash other users' web clients via a malformed custom status.\n\n"}, {"lang": "es", "value": "Las versiones Mattermost 9.6.0, 9.5.x anteriores a 9.5.3, 9.4.x anteriores a 9.4.5 y 8.1.x anteriores a 8.1.12 no pueden manejar errores de an\u00e1lisis JSON en valores de estado personalizados, lo que permite que un atacante autenticado se bloquee. clientes web de otros usuarios a trav\u00e9s de un estado personalizado con formato incorrecto."}], "lastModified": "2024-11-21T09:42:20.747", "sourceIdentifier": "responsibledisclosure@mattermost.com"}