PT-2024-24246 · Mattermost · Mattermost
Bharat · Published 2024-05-26 · Updated 2024-05-28 · CVE-2024-31859
CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Mattermost versions 8.1.x through 8.1.12
Mattermost versions 9.5.x through 9.5.3
Mattermost versions 9.6.x through 9.6.1
Description
The issue is related to improper authorization checks. This allows a member running a playbook in an existing channel to be promoted to a channel admin.
Recommendations
For versions 8.1.x through 8.1.12, update to a version that includes the necessary authorization checks.
For versions 9.5.x through 9.5.3, update to a version that includes the necessary authorization checks.
For versions 9.6.x through 9.6.1, update to a version that includes the necessary authorization checks.
Fix
Improper Access Control
Affected Products
Mattermost