CVE-2024-45843
5.4
MEDIUM
CVSS 3.1
EPSS 0.28%
Description
Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was deployed in Oracle Cloud or Alibaba.
How to fix CVE-2024-45843
To remediate CVE-2024-45843, upgrade the affected package to a fixed version below.
- Bitnami/mattermost—upgrade to 9.5.9 or later
Is CVE-2024-45843 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Bitnami/mattermost: >= 9.5.0, < 9.5.9
CVSS scores
| Source | Version | Severity | Score | Vector |
|---|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |