CVE-2024-39837

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled.
References
Link Resource
https://mattermost.com/security-updates Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:9.9.0:*:*:*:*:*:*:*

History

04 Sep 2024, 17:38

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 3.8
v2 : unknown
v3 : 5.4
CPE cpe:2.3:a:mattermost:mattermost_server:9.9.0:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
References () https://mattermost.com/security-updates - () https://mattermost.com/security-updates - Vendor Advisory
First Time Mattermost mattermost Server
Mattermost
CWE NVD-CWE-noinfo
Summary
  • (es) Las versiones 9.9.x &lt;= 9.9.0, 9.5.x &lt;= 9.5.6 de Mattermost no restringen adecuadamente la creación de canales, lo que permite que un control remoto malicioso cree canales arbitrarios, cuando los canales compartidos estaban habilitados.

01 Aug 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-01 15:15

Updated : 2024-09-04 17:38


NVD link : CVE-2024-39837

Mitre link : CVE-2024-39837

CVE.ORG link : CVE-2024-39837


JSON object : View

Products Affected

mattermost

  • mattermost_server
CWE
NVD-CWE-noinfo CWE-284

Improper Access Control