Lucene search
HistoryMay 26, 2024 - 2:15 p.m.
CVE-2024-32045
mattermost
access controls
channel linkage
team membership
security vulnerability
cve-2024-32045
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
EPSS
0
Percentile
9.0%
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channelΒ which allows members to link their runs to private channels they were not members of.
References
Related
cve
cve
CVE-2024-32045
2024-05-26 14:15:09
cvelist
cvelist
CVE-2024-32045 Playbook run link to private channel grants channel access
2024-05-26 13:29:07
vulnrichment
vulnrichment
CVE-2024-32045 Playbook run link to private channel grants channel access
2024-05-26 13:29:07
veracode
veracode
Improper Access Control
2024-05-28 12:09:24
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2024-32045