Lucene search

CVE-2024-39830

🗓️ 03 Jul 2024 09:07:15Reported by [email protected]Type

Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2, and 9.5.x <= 9.5.5 fail to use constant-time comparison for remote cluster tokens, enabling attackers to retrieve the remote cluster token via a timing attack

Reporter	Title	Published	Views	Family All 6
Cvelist	CVE-2024-39830 Timing attack during remote cluster token comparison when shared channels are enabled	3 Jul 202408:32	–	cvelist
Veracode	Improper Authentication	4 Jul 202409:32	–	veracode
Vulnrichment	CVE-2024-39830 Timing attack during remote cluster token comparison when shared channels are enabled	3 Jul 202408:32	–	vulnrichment
CVE	CVE-2024-39830	3 Jul 202409:15	–	cve
OSV	CVE-2024-39830	3 Jul 202409:15	–	osv
CNVD	Mattermost Improper Authorization Vulnerability	4 Jul 202400:00	–	cnvd

Nvd

Node

mattermost mattermostRange9.5.0–9.5.6

mattermost mattermostRange9.6.0–9.6.3

mattermost mattermostRange9.7.0–9.7.5

mattermost mattermostRange9.8.0–9.8.1

Source	Link
mattermost	www.mattermost.com/security-updates

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

03 Jul 2024 09:15Current

CVSS35.9

EPSS0.00087