Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow the modification of local users when syncing users in shared channels, which allows a malicious remote to overwrite an existing local user.
Fixes

Solution

Update Mattermost to versions 9.10.0, 9.9.1, 9.5.7, 9.7.6, 9.8.2 or higher.


Workaround

No workaround given by the vendor.

History

Fri, 23 Aug 2024 15:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Mattermost; Mattermost mattermost
Weaknesses | | NVD-CWE-noinfo
CPEs | | cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*; cpe:2.3:a:mattermost:mattermost:9.9.0:*:*:*:*:*:*:*
Vendors & Products | | Mattermost; Mattermost mattermost

MITRE

Status: PUBLISHED

Assigner: Mattermost

Published:

Updated: 2024-08-05T16:57:11.289Z

Reserved: 2024-07-23T17:55:45.350Z

Link: CVE-2024-36492

Vulnrichment

Updated: 2024-08-05T16:57:06.440Z

NVD

Status: Analyzed

Published: 2024-08-01T15:15:11.810

Modified: 2024-08-23T14:51:08.580

Link: CVE-2024-36492

Redhat

No data.

OpenCVE Enrichment

No data.