Lucene search
GoogleOSV:GHSA-5FH7-7MW7-MMX5HistoryApr 26, 2024 - 9:30 a.m.
Mattermost allows team admins to promote guests to team admins
2024-04-2609:30:35
Google
osv.dev
9
mattermost
role validation
vulnerability
versions 9.6.0
9.5.x
8.1.x
CVSS3
2.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
AI Score
3.6
Confidence
High
EPSS
0
Percentile
9.0%
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests.
Related
redhatcve
redhatcve
CVE-2024-4195
2024-04-26 12:11:22
nvd
nvd
CVE-2024-4195
2024-04-26 09:15:12
github
github
Mattermost allows team admins to promote guests to team admins
2024-04-26 09:30:35
veracode
veracode
Improper Access Control
2024-04-29 06:39:25
vulnrichment
vulnrichment
CVE-2024-4195
2024-04-26 08:26:00
cvelist
cvelist
CVE-2024-4195
2024-04-26 08:26:00
cve
cve
CVE-2024-4195
2024-04-26 09:15:12
CVSS3
2.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
AI Score
3.6
Confidence
High
EPSS
0
Percentile
9.0%
Related for OSV:GHSA-5FH7-7MW7-MMX5