PT-2024-19090 · Mattermost · Mattermost Server
Leandro Chaves · Published 2024-04-05 · Updated 2024-12-16
CVE-2024-21848
CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Mattermost Server versions 8.1.x before 8.1.11
Description
The issue is related to improper access control, allowing an attacker to continue participating in a call even after being removed from the channel. This occurs when the attacker is in a channel with an active call.
Recommendations
For versions 8.1.x before 8.1.11, update to version 8.1.11 or later to resolve the issue. As a temporary workaround, consider restricting access to channels with active calls to minimize the risk of exploitation.
Fix
Improper Access Control
Affected Products
Mattermost Server