Lucene search

[email protected]NVD:CVE-2024-31859

HistoryMay 26, 2024 - 2:15 p.m.

CVE-2024-31859

2024-05-2614:15:08

CWE-284

[email protected]

web.nvd.nist.gov

nvd

cve-2024-31859

mattermost

authorization checks

channel admin

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.5

Confidence

High

EPSS

Percentile

9.0%

JSON

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper authorization checks which allows a member running a playbook in an existing channel to be promoted to a channel admin

References

mattermost.com/security-updates

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.5

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2024-31859

vulnrichment1 cvelist1 cve1 veracode1