CVE-2024-4182

Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and 8.1.x before 8.1.12 fail to handle JSON parsing errors in custom status values, which allows an authenticated attacker to crash other users' web clients via a malformed custom status.

Published: Apr 26, 2024
Updated: May 13, 2025
CVE: CVE-2024-4182
GHSA: GHSA-8f99-g2pj-x8w3
Severity: Low
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWEs:

CWE-754

Affected Software
References

Software	From	Fixed in
github.com/mattermost/mattermost-server	8.1.0	8.1.12
github.com/mattermost/mattermost-server	9.4.0	9.4.5
github.com/mattermost/mattermost-server	9.5.0	9.5.3
github.com/mattermost/mattermost-server	9.6.0-rc1	9.6.1
mattermost / mattermost_server	8.1.0	8.1.12
mattermost / mattermost_server	9.5.0	9.5.3
mattermost / mattermost_server	9.4.0	9.4.5
mattermost / mattermost_server	9.6.0	9.6.1

https://github.com/mattermost/mattermost/commit/41333a0babf565453d89287549bec1e546e75ce7
https://github.com/mattermost/mattermost/commit/6cbab0f7ece104681f73dd12c75d9f22d567125e
https://github.com/mattermost/mattermost/commit/a99dadd80c57d376185ca06f8f70919a6f135bc6
https://github.com/mattermost/mattermost/commit/f84f8ed65f6a5faba974426424b684635455a527
https://mattermost.com/security-updates

Vulnerability Database

290,020

CVE-2024-4182