Lucene search
HistoryAug 01, 2024 - 3:15 p.m.
CVE-2024-41162
mattermost
channel modification
shared channels.
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS
0
Percentile
14.7%
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only.
Affected configurations
Node
mattermostmattermost_serverRange9.5.0–9.5.7
ORmattermostmattermost_serverRange9.7.0–9.7.6
ORmattermostmattermost_serverRange9.8.0–9.8.2
ORmattermostmattermost_serverMatch9.9.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mattermost | mattermost_server | * | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* |
| mattermost | mattermost_server | 9.9.0 | cpe:2.3:a:mattermost:mattermost_server:9.9.0:*:*:*:*:*:*:* |
References
Related
cvelist
cvelist
veracode
veracode
Improper Access Control
2024-08-12 10:24:18
osv
osv
Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
2024-08-06 22:40:50
BIT-mattermost-2024-41162
2024-09-05 19:14:11
cve
cve
CVE-2024-41162
2024-08-01 15:15:13
github
github
vulnrichment
vulnrichment
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS
0
Percentile
14.7%
Related for NVD:CVE-2024-41162