PT-2024-24374 · Mattermost · Mattermost
Bharat +1 · Published 2024-05-26 · Updated 2024-05-28 · CVE-2024-32045
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Mattermost versions 8.1.x through 8.1.12
Mattermost versions 9.5.x through 9.5.3
Mattermost versions 9.6.x through 9.6.1
Description
Mattermost does not properly enforce access controls for channel and team membership when a playbook run is linked to a channel. As a result, members can link their runs to private channels they are not members of.
Recommendations
For Mattermost versions 8.1.x through 8.1.12, update to a version later than 8.1.12 to resolve the issue.
For Mattermost versions 9.5.x through 9.5.3, update to a version later than 9.5.3 to resolve the issue.
For Mattermost versions 9.6.x through 9.6.1, update to a version later than 9.6.1 to resolve the issue.
Fix
Improper Access Control
IDOR
Related Identifiers
Affected Products
Mattermost