Lucene search

GoogleOSV:GHSA-762M-4CX6-6MF4

HistoryAug 01, 2024 - 3:32 p.m.

Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling

2024-08-0115:32:23

Google

osv.dev

mattermost

remote actor

data deletion

error handling

share channels

software vulnerability

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

16.8%

JSON

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly safeguard an error handling which allows a malicious remote to permanently delete local data by abusing dangerous error handling, when share channels were enabled.

References

github.com/mattermost/mattermost

mattermost.com/security-updates

nvd.nist.gov/vuln/detail/CVE-2024-39832

pkg.go.dev/vuln/GO-2024-3020

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

16.8%

JSON

Related for OSV:GHSA-762M-4CX6-6MF4