CVE-2024-4183
MEDIUM4.3EPSS 0.17%Mattermost fails to limit the number of active sessions in github.com/mattermost/mattermost-server
Published: 4/26/2024Modified: 3/3/2026
Description
Mattermost fails to limit the number of active sessions in github.com/mattermost/mattermost-server
Affected packages (2)
- Go/github.com/mattermost/mattermost-server>= 9.6.0-rc1, < 9.6.1
- Go/github.com/mattermost/mattermost-server>= 8.1.0+incompatible, < 8.1.12+incompatible, >= 9.4.0+incompatible, < 9.4.5+incompatible, >= 9.5.0+incompatible, < 9.5.3+incompatible, >= 9.6.0-rc1+incompatible, < 9.6.1+incompatible
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
References (8)
- ADVISORYhttps://github.com/advisories/GHSA-wj37-mpq9-xrcm
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-4183
- PATCHhttps://github.com/mattermost/mattermost
- WEBhttps://github.com/mattermost/mattermost/commit/86920d641760552c5aafa5e1d14c93bd30039bc4
- WEBhttps://github.com/mattermost/mattermost/commit/9d81eee979aee93374bff8ba6714d805e12ffb03
- WEBhttps://github.com/mattermost/mattermost/commit/b45c3dac4c160992a1ce757ade968e8f5ec506c1
- WEBhttps://github.com/mattermost/mattermost/commit/bc699e6789cf3ba1544235087897699aaa639e7d
- WEBhttps://mattermost.com/security-updates