CVE-2024-36492

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow the modification of local users when syncing users in shared channels. which allows a malicious remote to overwrite an existing local user.
References
Link Resource
https://mattermost.com/security-updates Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:9.9.0:*:*:*:*:*:*:*

History

23 Aug 2024, 14:51

Type Values Removed Values Added
CWE NVD-CWE-noinfo
First Time Mattermost mattermost
Mattermost
Summary
  • (es) Las versiones de Mattermost 9.9.x &lt;= 9.9.0, 9.5.x &lt;= 9.5.6, 9.7.x &lt;= 9.7.5, 9.8.x &lt;= 9.8.1 no permiten la modificación de usuarios locales al sincronizar usuarios en canales compartidos lo que permite que un control remoto malicioso sobrescriba a un usuario local existente.
CPE cpe:2.3:a:mattermost:mattermost:9.9.0:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 7.4
v2 : unknown
v3 : 6.4
References () https://mattermost.com/security-updates - () https://mattermost.com/security-updates - Vendor Advisory

01 Aug 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-01 15:15

Updated : 2024-08-23 14:51


NVD link : CVE-2024-36492

Mitre link : CVE-2024-36492

CVE.ORG link : CVE-2024-36492


JSON object : View

Products Affected

mattermost

  • mattermost
CWE
NVD-CWE-noinfo CWE-284

Improper Access Control