CVE-2024-1888 Existing server guests invited to the team by members without "invite_guest" permission

🗓️ 29 Feb 2024 08:08:08Reported by MattermostType

Mattermost server vulnerability allowing unauthorized guests to be added to a team

Reporter	Title	Published	Views	Family All 22
Chainguard	CVE-2024-1888 vulnerabilities	1 May 202507:14	–	cgr
Circl	CVE-2024-1888	29 Feb 202410:22	–	circl
CNNVD	Mattermost 安全漏洞	29 Feb 202400:00	–	cnnvd
CNVD	Mattermost Authorization Issue Vulnerability (CNVD-2024-13545)	6 Mar 202400:00	–	cnvd
CVE	CVE-2024-1888	29 Feb 202408:08	–	cve
EUVD	EUVD-2024-0685	3 Oct 202520:07	–	euvd
Github Security Blog	Mattermost fails to check the "invite_guest" permission	29 Feb 202409:30	–	github
NVD	CVE-2024-1888	29 Feb 202409:15	–	nvd
OSV	CGA-22VQ-HH2W-P63V	31 Mar 202515:58	–	osv
OSV	CGA-C7J5-PPJ5-WW9R	29 Jan 202600:45	–	osv

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "9.4.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.3.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.2.4",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.1.8",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "9.5.0"
      },
      {
        "status": "unaffected",
        "version": "9.4.2"
      },
      {
        "status": "unaffected",
        "version": "9.3.1"
      },
      {
        "status": "unaffected",
        "version": "9.2.5"
      },
      {
        "status": "unaffected",
        "version": "8.1.9"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

29 Feb 2024 08:08Current

4.8Medium risk

Vulners AI Score4.8

CVSS 3.14.3

EPSS0.00331

CWE-284