Lucene search
HistoryAug 01, 2024 - 3:15 p.m.
CVE-2024-41144
mattermost
sync validation
remote attack
shared channels
cve-2024-41144
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
EPSS
0.001
Percentile
16.8%
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly validateย synced posts, when shared channels are enabled,ย ย which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels
Affected configurations
Node
mattermostmattermost_serverRange9.5.0โ9.5.7
ORmattermostmattermost_serverRange9.7.0โ9.7.6
ORmattermostmattermost_serverRange9.8.0โ9.8.2
ORmattermostmattermost_serverMatch9.9.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mattermost | mattermost_server | * | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* |
| mattermost | mattermost_server | 9.9.0 | cpe:2.3:a:mattermost:mattermost_server:9.9.0:*:*:*:*:*:*:* |
References
Related
osv
osv
CVE-2024-41144
2024-08-01 15:15:13
BIT-mattermost-2024-41144
2024-09-05 19:14:24
vulnrichment
vulnrichment
cve
cve
CVE-2024-41144
2024-08-01 15:15:13
cvelist
cvelist
github
github
veracode
veracode
Improper Access Control
2024-08-09 06:00:22
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
EPSS
0.001
Percentile
16.8%
Related for NVD:CVE-2024-41144