Lucene search
GoogleOSV:CVE-2024-41162HistoryAug 01, 2024 - 3:15 p.m.
CVE-2024-41162
2024-08-0115:15:13
Google
osv.dev
1
mattermost
vulnerability
remote modification
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.6
Confidence
High
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only.
References
Related
cvelist
cvelist
veracode
veracode
Improper Access Control
2024-08-12 10:24:18
osv
osv
Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
2024-08-06 22:40:50
BIT-mattermost-2024-41162
2024-09-05 19:14:11
cve
cve
CVE-2024-41162
2024-08-01 15:15:13
nvd
nvd
CVE-2024-41162
2024-08-01 15:15:13
github
github
vulnrichment
vulnrichment
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.6
Confidence
High
Related for OSV:CVE-2024-41162