CVE-2024-29977

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts
References
Link Resource
https://mattermost.com/security-updates Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:9.9.0:*:*:*:*:*:*:*

History

23 Aug 2024, 14:52

Type Values Removed Values Added
Summary
  • (es) Las versiones 9.9.x &lt;= 9.9.0, 9.5.x &lt;= 9.5.6 de Mattermost no validan correctamente las reacciones sincronizadas cuando los canales compartidos están habilitados, lo que permite que un control remoto malicioso cree reacciones arbitrarias en publicaciones arbitrarias.
First Time Mattermost mattermost
Mattermost
CVSS v2 : unknown
v3 : 2.7
v2 : unknown
v3 : 4.3
References () https://mattermost.com/security-updates - () https://mattermost.com/security-updates - Vendor Advisory
CPE cpe:2.3:a:mattermost:mattermost:9.9.0:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo

01 Aug 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-01 15:15

Updated : 2024-08-23 14:52


NVD link : CVE-2024-29977

Mitre link : CVE-2024-29977

CVE.ORG link : CVE-2024-29977


JSON object : View

Products Affected

mattermost

  • mattermost
CWE
NVD-CWE-noinfo CWE-284

Improper Access Control