Lucene search
GoogleOSV:GHSA-JQ3G-XQPX-37X3HistoryAug 01, 2024 - 3:32 p.m.
Mattermost failed to properly validate synced reactions
2024-08-0115:32:21
Google
osv.dev
3
mattermost
synced reactions
validation
vulnerability
version 9.9.x
version 9.5.x
shared channels
malicious remote
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
7
Confidence
High
EPSS
0
Percentile
14.7%
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts
Related
osv
osv
Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
2024-08-06 22:40:50
CVE-2024-29977
2024-08-01 15:15:11
github
github
Mattermost failed to properly validate synced reactions
2024-08-01 15:32:21
nessus
nessus
Mattermost Server 9.0.x < 9.9.1 / 9.10.0 / 9.5.x < 9.5.7 (MMSA-2024-00356)
2024-08-09 00:00:00
veracode
veracode
Improper Access Control
2024-08-08 09:35:08
cvelist
cvelist
vulnrichment
vulnrichment
nvd
nvd
CVE-2024-29977
2024-08-01 15:15:11
cve
cve
CVE-2024-29977
2024-08-01 15:15:11
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
7
Confidence
High
EPSS
0
Percentile
14.7%
Related for OSV:GHSA-JQ3G-XQPX-37X3