CVE-2024-41144

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly validate synced posts, when shared channels are enabled,  which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels
References
Link Resource
https://mattermost.com/security-updates Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:9.9.0:*:*:*:*:*:*:*

History

04 Sep 2024, 17:25

Type Values Removed Values Added
Summary
  • (es) Las versiones de Mattermost 9.9.x &lt;= 9.9.0, 9.5.x &lt;= 9.5.6, 9.7.x &lt;= 9.7.5, 9.8.x &lt;= 9.8.1 no validan correctamente las publicaciones sincronizadas cuando los canales compartidos están habilitados. que permite que un control remoto malicioso cree/actualice/elimine publicaciones arbitrarias en canales arbitrarios
References () https://mattermost.com/security-updates - () https://mattermost.com/security-updates - Vendor Advisory
CVSS v2 : unknown
v3 : 5.5
v2 : unknown
v3 : 7.1
CPE cpe:2.3:a:mattermost:mattermost_server:9.9.0:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
First Time Mattermost
Mattermost mattermost Server
CWE NVD-CWE-noinfo

01 Aug 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-01 15:15

Updated : 2024-09-04 17:25


NVD link : CVE-2024-41144

Mitre link : CVE-2024-41144

CVE.ORG link : CVE-2024-41144


JSON object : View

Products Affected

mattermost

  • mattermost_server
CWE
NVD-CWE-noinfo CWE-284

Improper Access Control