Lucene search
MattermostCVE-2024-45843HistorySep 26, 2024 - 8:15 a.m.
CVE-2024-45843
2024-09-2608:15:06
CWE-918
Mattermost
web.nvd.nist.gov
21
mattermost vulnerability
ssrf
oracle cloud
alibaba
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
AI Score
3.7
Confidence
High
EPSS
0
Percentile
14.7%
Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was deployed in Oracle Cloud or Alibaba.
Affected configurations
Node
mattermostmattermost_serverRange9.5.0–9.5.9
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mattermost | mattermost_server | * | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "9.5.8",
"status": "affected",
"version": "9.5.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "9.11.0"
},
{
"status": "unaffected",
"version": "9.5.9"
}
]
}
]References
Related
vulnrichment
vulnrichment
CVE-2024-45843 Weak SSRF Filtering
2024-09-26 08:03:41
nvd
nvd
CVE-2024-45843
2024-09-26 08:15:06
osv
osv
BIT-mattermost-2024-45843
2024-09-27 07:20:06
CVE-2024-45843
2024-09-26 08:15:06
cvelist
cvelist
CVE-2024-45843 Weak SSRF Filtering
2024-09-26 08:03:41
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
AI Score
3.7
Confidence
High
EPSS
0
Percentile
14.7%
Related for CVE-2024-45843