CVE-2024-8071 System Role with edit access to permissions can elevate themselves to system admin

2024-08-2206:39:54

CWE-284

Mattermost

www.cve.org

cve-2024-8071

system role

elevate

admin

permissions

system console

manage_system

mattermost

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

20.0%

JSON

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role (e.g. member) to include the manage_system permission, effectively becoming a System Admin.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "9.9.1",
        "status": "affected",
        "version": "9.9.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.5.7",
        "status": "affected",
        "version": "9.5.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "9.10.0"
      },
      {
        "lessThanOrEqual": "9.8.2",
        "status": "affected",
        "version": "9.8.0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "9.11.0"
      },
      {
        "status": "unaffected",
        "version": "9.9.2"
      },
      {
        "status": "unaffected",
        "version": "9.5.8"
      },
      {
        "status": "unaffected",
        "version": "9.10.1"
      },
      {
        "status": "unaffected",
        "version": "9.8.3"
      }
    ]
  }
]