Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which allows a malicious remote to send an invite with the ID of an existing local channel, and that local channel will then become shared without the consent of the local admin.
References
Link | Resource |
---|---|
https://mattermost.com/security-updates | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
23 Aug 2024, 14:36
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mattermost:mattermost:9.9.0:*:*:*:*:*:*:* cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:* |
|
First Time |
Mattermost mattermost
Mattermost |
|
CWE | NVD-CWE-noinfo | |
References | () https://mattermost.com/security-updates - Vendor Advisory | |
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.6 |
01 Aug 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-01 15:15
Updated : 2024-08-23 14:36
NVD link : CVE-2024-39777
Mitre link : CVE-2024-39777
CVE.ORG link : CVE-2024-39777
JSON object : View
Products Affected
mattermost
- mattermost
CWE