Lucene search
HistorySep 26, 2024 - 8:15 a.m.
CVE-2024-45843
mattermost
ssrf
oracle cloud
alibaba
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS
0
Percentile
14.7%
Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was deployed in Oracle Cloud or Alibaba.
Affected configurations
Node
mattermostmattermost_serverRange9.5.0–9.5.9
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mattermost | mattermost_server | * | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* |
References
Related
vulnrichment
vulnrichment
CVE-2024-45843 Weak SSRF Filtering
2024-09-26 08:03:41
osv
osv
BIT-mattermost-2024-45843
2024-09-27 07:20:06
CVE-2024-45843
2024-09-26 08:15:06
cve
cve
CVE-2024-45843
2024-09-26 08:15:06
cvelist
cvelist
CVE-2024-45843 Weak SSRF Filtering
2024-09-26 08:03:41
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS
0
Percentile
14.7%
Related for NVD:CVE-2024-45843