CVE-2024-45843

Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was deployed in Oracle Cloud or Alibaba.
References
Link Resource
https://mattermost.com/security-updates Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*

History

26 Sep 2024, 18:42

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 3.1
v2 : unknown
v3 : 5.4
References () https://mattermost.com/security-updates - () https://mattermost.com/security-updates - Vendor Advisory
First Time Mattermost
Mattermost mattermost Server
CPE cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) Las versiones 9.5.x &lt;= 9.5.8 de Mattermost no incluyen los endpoints de metadatos de Oracle Cloud y Alibaba en la lista de denegación de SSRF, lo que permite que un atacante posiblemente provoque una SSRF si Mattermost se implementó en Oracle Cloud o Alibaba.

26 Sep 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-26 08:15

Updated : 2024-09-26 18:42


NVD link : CVE-2024-45843

Mitre link : CVE-2024-45843

CVE.ORG link : CVE-2024-45843


JSON object : View

Products Affected

mattermost

  • mattermost_server
CWE
CWE-918

Server-Side Request Forgery (SSRF)