Lucene search
GitHub Advisory DatabaseGHSA-JQ3G-XQPX-37X3HistoryAug 01, 2024 - 3:32 p.m.
Mattermost failed to properly validate synced reactions
2024-08-0115:32:21
CWE-284
GitHub Advisory Database
github.com
2
mattermost
sync reactions
validation
vulnerability
shared channels
software security
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
7
Confidence
High
EPSS
0
Percentile
14.7%
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts
Affected configurations
Node
mattermostmattermostMatch9.9.0
ORmattermostmattermostRange9.5.0–9.5.7
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mattermost | mattermost | 9.9.0 | cpe:2.3:a:mattermost:mattermost:9.9.0:*:*:*:*:*:*:* |
| mattermost | mattermost | * | cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:* |
Related
osv
osv
Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
2024-08-06 22:40:50
Mattermost failed to properly validate synced reactions
2024-08-01 15:32:21
CVE-2024-29977
2024-08-01 15:15:11
nessus
nessus
Mattermost Server 9.0.x < 9.9.1 / 9.10.0 / 9.5.x < 9.5.7 (MMSA-2024-00356)
2024-08-09 00:00:00
veracode
veracode
Improper Access Control
2024-08-08 09:35:08
cvelist
cvelist
vulnrichment
vulnrichment
cve
cve
CVE-2024-29977
2024-08-01 15:15:11
nvd
nvd
CVE-2024-29977
2024-08-01 15:15:11
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
7
Confidence
High
EPSS
0
Percentile
14.7%
Related for GHSA-JQ3G-XQPX-37X3