Lucene search
HistoryAug 01, 2024 - 3:15 p.m.
CVE-2024-29977
mattermost
version validation
synced reactions
shared channels
malicious remote
arbitrary reactions
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS
0
Percentile
14.7%
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts
Affected configurations
Node
mattermostmattermostRange9.5.0–9.5.7
ORmattermostmattermostMatch9.9.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mattermost | mattermost | * | cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:* |
| mattermost | mattermost | 9.9.0 | cpe:2.3:a:mattermost:mattermost:9.9.0:*:*:*:*:*:*:* |
References
Related
osv
osv
Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
2024-08-06 22:40:50
Mattermost failed to properly validate synced reactions
2024-08-01 15:32:21
CVE-2024-29977
2024-08-01 15:15:11
github
github
Mattermost failed to properly validate synced reactions
2024-08-01 15:32:21
nessus
nessus
Mattermost Server 9.0.x < 9.9.1 / 9.10.0 / 9.5.x < 9.5.7 (MMSA-2024-00356)
2024-08-09 00:00:00
veracode
veracode
Improper Access Control
2024-08-08 09:35:08
cvelist
cvelist
vulnrichment
vulnrichment
cve
cve
CVE-2024-29977
2024-08-01 15:15:11
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS
0
Percentile
14.7%
Related for NVD:CVE-2024-29977