Mattermost Server@9.9.0 Security Vulnerabilities and Issues — Mattermost Server@9.9.0 CVE List

Lucene search

MattermostMattermost Server9.9.0

5 matches found

CVE•added 2024/08/01 3:15 p.m.•54 views

CVE-2024-41162

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only.

4.3CVSS7AI score0.00106EPSS

CVE•added 2024/08/01 3:15 p.m.•50 views

CVE-2024-41926

Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote.

4.3CVSS4.1AI score0.00073EPSS

CVE•added 2024/08/01 3:15 p.m.•44 views

CVE-2024-39837

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled.

5.4CVSS7.2AI score0.00109EPSS

CVE•added 2024/08/01 3:15 p.m.•43 views

CVE-2024-41144

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels

7.1CVSS7.1AI score0.00168EPSS

CVE•added 2024/08/01 3:15 p.m.•40 views

CVE-2024-39839

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow users to set their own remote username, when shared channels were enabled, which allows a user on a remote to set their remote username prop to an arbitrary string, which would be then sy...

4.3CVSS7AI score0.00108EPSS