CVE-2024-41162

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only.
References
Link Resource
https://mattermost.com/security-updates Vendor Advisory
Configurations

Configuration 1

OR cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:9.9.0:*:*:*:*:*:*:*

History

04 Sep 2024, 17:03

Type Values Removed Values Added
Summary
  • (es) Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only.
CVSS v2 : unknown
v3 : 4.1
v2 : unknown
v3 : 4.3
CWE NVD-CWE-noinfo
References () https://mattermost.com/security-updates - () https://mattermost.com/security-updates - Vendor Advisory
CPE cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:9.9.0:*:*:*:*:*:*:*
First Time Mattermost
Mattermost mattermost Server

01 Aug 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-01 15:15

Updated : 2024-09-04 17:03


NVD link : CVE-2024-41162

Mitre link : CVE-2024-41162

CVE.ORG link : CVE-2024-41162



Products Affected

mattermost

  • mattermost_server
CWE
NVD-CWE-noinfo CWE-284

Improper Access Control