Lucene search

MattermostVULNRICHMENT:CVE-2024-45843

HistorySep 26, 2024 - 8:03 a.m.

CVE-2024-45843 Weak SSRF Filtering

2024-09-2608:03:41

CWE-918

Mattermost

github.com

cve-2024-45843

ssrf filtering

mattermost

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

Percentile

14.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was deployed in Oracle Cloud or Alibaba.

References

mattermost.com/security-updates

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

Percentile

14.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-45843