Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was deployed in Oracle Cloud or Alibaba.
References
Link | Resource |
---|---|
https://mattermost.com/security-updates | Vendor Advisory |
Configurations
History
26 Sep 2024, 18:42
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
References | () https://mattermost.com/security-updates - Vendor Advisory | |
First Time |
Mattermost
Mattermost mattermost Server |
|
CPE | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* |
26 Sep 2024, 13:32
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
26 Sep 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-26 08:15
Updated : 2024-09-26 18:42
NVD link : CVE-2024-45843
Mitre link : CVE-2024-45843
CVE.ORG link : CVE-2024-45843
JSON object : View
Products Affected
mattermost
- mattermost_server
CWE
CWE-918
Server-Side Request Forgery (SSRF)