{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "9.5.0"
              },
              {
                "fixed": "9.5.8"
              },
              {
                "introduced": "9.10.0"
              },
              {
                "fixed": "9.10.1"
              }
            ]
          },
          "events": [
            {
              "introduced": "99d819d25d0b16b3faed901b1fe5c41de7655e9c"
            },
            {
              "fixed": "43355fe32a953e8b7aa82a9c4cd024311665c098"
            },
            {
              "introduced": "60c5bb46dfa8192efa5a13c746423f0e7696b8bc"
            },
            {
              "fixed": "23993132c67b11e5d8a0d0d789b7079868200b63"
            }
          ],
          "repo": "https://github.com/mattermost/mattermost-server",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "Mattermost versions 9.5.x \u003c= 9.5.7 and 9.10.x \u003c= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the connection, cause the application to crash.",
  "id": "CVE-2024-39810",
  "modified": "2026-03-10T21:48:00.687429154Z",
  "published": "2024-08-22T07:15:03.743Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://mattermost.com/security-updates"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}