
We found results for “”
CVE-2025-35965
Good to know:

Date: April 24, 2025
Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific posts, overloading the server and leading to a denial-of-service (DoS) condition.
Severity Score
Related Resources (7)
Severity Score
Weakness Type (CWE)
Allocation of Resources Without Limits or Throttling
CWE-770Top Fix

Upgrade Version
Upgrade to version github.com/mattermost/mattermost/server/v8 - v8.0.0-20250218121836-2b5275d87136;github.com/mattermost/mattermost-plugin-playbooks - v1.41.0;https://github.com/mattermost/mattermost-plugin-playbooks.git - v1.41.0;https://github.com/mattermost/mattermost-plugin-playbooks.git - v2.1.1
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |