Lucene search

K
redhatcveRedhat.comRH:CVE-2024-4198
HistoryApr 26, 2024 - 11:47 a.m.

CVE-2024-4198

2024-04-2611:47:32
redhat.com
access.redhat.com
11
mattermost
cve-2024-4198
role validation.

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

3.7 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

A flaw was found in Mattermost, where it failed to fully validate role changes. This flaw allows an attacker authenticated as team admin to demote users to guests via crafted HTTP requests.

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

3.7 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for RH:CVE-2024-4198