Lucene search
HistoryAug 01, 2024 - 3:15 p.m.
CVE-2024-39837
mattermost
channel creation
security vulnerability
cve-2024-39837
shared channels
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS
0
Percentile
14.7%
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled.
Affected configurations
Node
mattermostmattermost_serverRange9.5.0–9.5.7
ORmattermostmattermost_serverMatch9.9.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mattermost | mattermost_server | * | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* |
| mattermost | mattermost_server | 9.9.0 | cpe:2.3:a:mattermost:mattermost_server:9.9.0:*:*:*:*:*:*:* |
References
Related
osv
osv
BIT-mattermost-2024-39837
2024-09-05 19:14:48
Mattermost did not properly restrict channel creation
2024-08-01 15:32:23
CVE-2024-39837
2024-08-01 15:15:12
vulnrichment
vulnrichment
CVE-2024-39837 Malicious remote can create arbitrary channels
2024-08-01 14:05:06
veracode
veracode
Improper Access Control
2024-08-09 08:13:32
cve
cve
CVE-2024-39837
2024-08-01 15:15:12
github
github
Mattermost did not properly restrict channel creation
2024-08-01 15:32:23
cvelist
cvelist
CVE-2024-39837 Malicious remote can create arbitrary channels
2024-08-01 14:05:06
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS
0
Percentile
14.7%
Related for NVD:CVE-2024-39837