Lucene search
GoogleOSV:BIT-MATTERMOST-2024-41162HistorySep 05, 2024 - 7:14 p.m.
BIT-mattermost-2024-41162
2024-09-0519:14:11
Google
osv.dev
3
mattermost
vulnerability
remote modification
local channels
shared channels
arbitrary access
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
6.8
Confidence
High
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only.
References
Related
cvelist
cvelist
nvd
nvd
CVE-2024-41162
2024-08-01 15:15:13
osv
osv
Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
2024-08-06 22:40:50
CVE-2024-41162
2024-08-01 15:15:13
github
github
veracode
veracode
Improper Access Control
2024-08-12 10:24:18
cve
cve
CVE-2024-41162
2024-08-01 15:15:13
vulnrichment
vulnrichment
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
6.8
Confidence
High
Related for OSV:BIT-MATTERMOST-2024-41162