Lucene search
GoogleOSV:CVE-2024-29977HistoryAug 01, 2024 - 3:15 p.m.
CVE-2024-29977
2024-08-0115:15:11
Google
osv.dev
2
mattermost
cve-2024-29977
reaction validation
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
6.9
Confidence
Low
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts
References
Related
osv
osv
github
github
Mattermost failed to properly validate synced reactions
2024-08-01 15:32:21
nessus
nessus
Mattermost Server 9.0.x < 9.9.1 / 9.10.0 / 9.5.x < 9.5.7 (MMSA-2024-00356)
2024-08-09 00:00:00
veracode
veracode
Improper Access Control
2024-08-08 09:35:08
cvelist
cvelist
vulnrichment
vulnrichment
nvd
nvd
CVE-2024-29977
2024-08-01 15:15:11
cve
cve
CVE-2024-29977
2024-08-01 15:15:11
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
6.9
Confidence
Low
Related for OSV:CVE-2024-29977