CVE-2024-8071 System Role with edit access to permissions can elevate themselves to system admin

🗓️ 22 Aug 2024 06:39:54Reported by MattermostType

CVE-2024-8071 allows system role to elevate to admi

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2024-8071	22 Aug 202410:10	–	circl
CNNVD	Mattermost 安全漏洞	22 Aug 202400:00	–	cnnvd
CVE	CVE-2024-8071	22 Aug 202406:39	–	cve
EUVD	EUVD-2024-2499	3 Oct 202520:07	–	euvd
Github Security Blog	Mattermost doesn't restrict which roles can promote a user as system admin	22 Aug 202409:30	–	github
Tenable Nessus	Mattermost Server 9.5.x < 9.5.8 / 9.8.x < 9.8.3 / 9.9.x < 9.9.2 / 9.10.x < 9.10.1 (MMSA-2024-00374)	18 Oct 202400:00	–	nessus
NVD	CVE-2024-8071	22 Aug 202407:15	–	nvd
OSV	GHSA-5263-PM2H-M7HW Mattermost doesn't restrict which roles can promote a user as system admin	22 Aug 202409:30	–	osv
OSV	GO-2024-3094 Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server	30 Aug 202417:18	–	osv
Positive Technologies	PT-2024-38785 · Mattermost · Mattermost	22 Aug 202400:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "9.9.1",
        "status": "affected",
        "version": "9.9.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.5.7",
        "status": "affected",
        "version": "9.5.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "9.10.0"
      },
      {
        "lessThanOrEqual": "9.8.2",
        "status": "affected",
        "version": "9.8.0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "9.11.0"
      },
      {
        "status": "unaffected",
        "version": "9.9.2"
      },
      {
        "status": "unaffected",
        "version": "9.5.8"
      },
      {
        "status": "unaffected",
        "version": "9.10.1"
      },
      {
        "status": "unaffected",
        "version": "9.8.3"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

22 Aug 2024 06:39Current

CVSS 3.14.7

EPSS0.00126

CWE-284