{
  "threat_severity" : "Low",
  "public_date" : "2024-04-26T00:00:00Z",
  "bugzilla" : {
    "description" : "mattermost: fail to limit the number of active sessions",
    "id" : "2277346",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2277346"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-400",
  "details" : [ "Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions table.", "A flaw was found in Mattermost, where it fails to limit the number of active sessions. This flaw allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions table." ],
  "package_state" : [ {
    "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2",
    "fix_state" : "Fix deferred",
    "package_name" : "rhacm2/acm-grafana-rhel8",
    "cpe" : "cpe:/a:redhat:acm:2"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 3",
    "fix_state" : "Fix deferred",
    "package_name" : "advanced-cluster-security/rhacs-docs-rhel8",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:3"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 3",
    "fix_state" : "Fix deferred",
    "package_name" : "advanced-cluster-security/rhacs-main-rhel8",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:3"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 3",
    "fix_state" : "Fix deferred",
    "package_name" : "advanced-cluster-security/rhacs-rhel8-operator",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:3"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 3",
    "fix_state" : "Fix deferred",
    "package_name" : "advanced-cluster-security/rhacs-roxctl-rhel8",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:3"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 3",
    "fix_state" : "Fix deferred",
    "package_name" : "advanced-cluster-security/rhacs-scanner-db-rhel8",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:3"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 3",
    "fix_state" : "Fix deferred",
    "package_name" : "advanced-cluster-security/rhacs-scanner-rhel8",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:3"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "openshift4/ose-grafana",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-4183\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-4183\nhttps://mattermost.com/security-updates" ],
  "name" : "CVE-2024-4183",
  "csaw" : false
}