OSV:BIT-MATTERMOST-2024-45843
Sep 27, 2024 - 7:20 a.m.

BIT-mattermost-2024-45843

2024-09-27 07:20:06
Google
osv.dev
mattermost
ssrf
vulnerability
oracle cloud
alibaba

CVSS3: 5.4
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score: 6.7
Confidence: Low

EPSS: 0
Percentile: 14.7%

Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was deployed in Oracle Cloud or Alibaba.
