Lucene search
HistoryAug 01, 2024 - 3:15 p.m.
CVE-2024-39832
mattermost versions
vulnerability
error handling
share channels
remote code execution
CVSS3
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
EPSS
0.001
Percentile
16.8%
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly safeguard an error handling which allows a malicious remote to permanently delete local data by abusing dangerous error handling, when share channels were enabled.
Affected configurations
Node
mattermostmattermostRange9.5.0–9.5.7
ORmattermostmattermostRange9.7.0–9.7.6
ORmattermostmattermostRange9.8.0–9.8.2
ORmattermostmattermostMatch9.9.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mattermost | mattermost | * | cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:* |
| mattermost | mattermost | 9.9.0 | cpe:2.3:a:mattermost:mattermost:9.9.0:*:*:*:*:*:*:* |
References
Related
cvelist
cvelist
CVE-2024-39832 Permanently local data deletion by malicious remote
2024-08-01 14:05:04
osv
osv
Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling
2024-08-01 15:32:23
CVE-2024-39832
2024-08-01 15:15:12
veracode
veracode
Incorrect Error Handling
2024-08-09 11:26:39
vulnrichment
vulnrichment
CVE-2024-39832 Permanently local data deletion by malicious remote
2024-08-01 14:05:04
github
github
cve
cve
CVE-2024-39832
2024-08-01 15:15:12
CVSS3
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
EPSS
0.001
Percentile
16.8%
Related for NVD:CVE-2024-39832