CVE-2024-39274 - Vulnerability Details - OpenCVE

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00203.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Mattermost	Mattermost

Configuration 1 [-]

OR	cpe:2.3:a:mattermost:mattermost::::::::
	cpe:2.3:a:mattermost:mattermost::::::::
	cpe:2.3:a:mattermost:mattermost::::::::
	cpe:2.3:a:mattermost:mattermost:9.9.0:::::::*

No data.

No data.

Fixes

Solution

Update Mattermost to versions 9.10.0, 9.9.1, 9.5.7, 9.7.6, 9.8.2 or higher.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://mattermost.com/security-updates

History

Fri, 23 Aug 2024 15:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo

MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2024-08-01T14:05:02.518Z

Updated: 2024-08-02T15:10:58.701Z

Reserved: 2024-07-23T18:35:14.790Z

Link: CVE-2024-39274

Vulnrichment

Updated: 2024-08-02T15:10:10.358Z

NVD

Status : Analyzed

Published: 2024-08-01T15:15:12.150

Modified: 2024-08-23T14:39:29.247

Link: CVE-2024-39274

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39274", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2024-07-23T18:35:14.790Z", "datePublished": "2024-08-01T14:05:02.518Z", "dateUpdated": "2024-08-02T15:10:58.701Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"status": "affected", "version": "9.9.0"}, {"lessThanOrEqual": "9.5.6", "status": "affected", "version": "9.5.0", "versionType": "semver"}, {"lessThanOrEqual": "9.7.5", "status": "affected", "version": "9.7.0", "versionType": "semver"}, {"lessThanOrEqual": "9.8.1", "status": "affected", "version": "9.8.0", "versionType": "semver"}, {"status": "unaffected", "version": "9.10.0"}, {"status": "unaffected", "version": "9.9.1"}, {"status": "unaffected", "version": "9.5.7"}, {"status": "unaffected", "version": "9.7.6"}, {"status": "unaffected", "version": "9.8.2"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Juho Fors\u00e9n"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels</p>"}], "value": "Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to properly validate that\u00a0the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2024-08-01T14:05:02.518Z"}, "references": [{"url": "https://mattermost.com/security-updates"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Update Mattermost to versions 9.10.0, 9.9.1, 9.5.7, 9.7.6, 9.8.2 or higher.</p>"}], "value": "Update Mattermost to versions 9.10.0, 9.9.1, 9.5.7, 9.7.6, 9.8.2 or higher."}], "source": {"advisory": "MMSA-2024-00342", "defect": ["https://mattermost.atlassian.net/browse/MM-58250"], "discovery": "INTERNAL"}, "title": "Malicious remote can add users to arbitrary teams and channels", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "mattermost", "product": "mattermost", "cpes": ["cpe:2.3:a:mattermost:mattermost:9.9.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9.9.0", "status": "affected"}]}, {"vendor": "mattermost", "product": "mattermost", "cpes": ["cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9.5.0", "status": "affected", "lessThanOrEqual": "9.5.6", "versionType": "semver"}, {"version": "9.7.0", "status": "affected", "lessThanOrEqual": "9.7.5", "versionType": "semver"}, {"version": "9.8.0", "status": "affected", "lessThanOrEqual": "9.8.1", "versionType": "semver"}]}, {"vendor": "mattermost", "product": "mattermost", "cpes": ["cpe:2.3:a:mattermost:mattermost:9.10.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9.10.0", "status": "affected"}]}, {"vendor": "mattermost", "product": "mattermost", "cpes": ["cpe:2.3:a:mattermost:mattermost:9.9.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9.9.1", "status": "affected"}]}, {"vendor": "mattermost", "product": "mattermost", "cpes": ["cpe:2.3:a:mattermost:mattermost:9.5.7:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9.5.7", "status": "affected"}]}, {"vendor": "mattermost", "product": "mattermost", "cpes": ["cpe:2.3:a:mattermost:mattermost:9.7.6:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9.7.6", "status": "affected"}]}, {"vendor": "mattermost", "product": "mattermost", "cpes": ["cpe:2.3:a:mattermost:mattermost:9.8.2:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9.8.2", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-02T14:46:09.694576Z", "id": "CVE-2024-39274", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T15:10:58.701Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39274", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-02T14:46:09.694576Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mattermost:mattermost:9.9.0:*:*:*:*:*:*:*"], "vendor": "mattermost", "product": "mattermost", "versions": [{"status": "affected", "version": "9.9.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*"], "vendor": "mattermost", "product": "mattermost", "versions": [{"status": "affected", "version": "9.5.0", "versionType": "semver", "lessThanOrEqual": "9.5.6"}, {"status": "affected", "version": "9.7.0", "versionType": "semver", "lessThanOrEqual": "9.7.5"}, {"status": "affected", "version": "9.8.0", "versionType": "semver", "lessThanOrEqual": "9.8.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:mattermost:mattermost:9.10.0:*:*:*:*:*:*:*"], "vendor": "mattermost", "product": "mattermost", "versions": [{"status": "affected", "version": "9.10.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:mattermost:mattermost:9.9.1:*:*:*:*:*:*:*"], "vendor": "mattermost", "product": "mattermost", "versions": [{"status": "affected", "version": "9.9.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:mattermost:mattermost:9.5.7:*:*:*:*:*:*:*"], "vendor": "mattermost", "product": "mattermost", "versions": [{"status": "affected", "version": "9.5.7"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:mattermost:mattermost:9.7.6:*:*:*:*:*:*:*"], "vendor": "mattermost", "product": "mattermost", "versions": [{"status": "affected", "version": "9.7.6"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:mattermost:mattermost:9.8.2:*:*:*:*:*:*:*"], "vendor": "mattermost", "product": "mattermost", "versions": [{"status": "affected", "version": "9.8.2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T15:10:10.358Z"}}], "cna": {"title": "Malicious remote can add users to arbitrary teams and channels", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-58250"], "advisory": "MMSA-2024-00342", "discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Juho Fors\u00e9n"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "9.9.0"}, {"status": "affected", "version": "9.5.0", "versionType": "semver", "lessThanOrEqual": "9.5.6"}, {"status": "affected", "version": "9.7.0", "versionType": "semver", "lessThanOrEqual": "9.7.5"}, {"status": "affected", "version": "9.8.0", "versionType": "semver", "lessThanOrEqual": "9.8.1"}, {"status": "unaffected", "version": "9.10.0"}, {"status": "unaffected", "version": "9.9.1"}, {"status": "unaffected", "version": "9.5.7"}, {"status": "unaffected", "version": "9.7.6"}, {"status": "unaffected", "version": "9.8.2"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost to versions 9.10.0, 9.9.1, 9.5.7, 9.7.6, 9.8.2 or higher.", "supportingMedia": [{"type": "text/html", "value": "<p>Update Mattermost to versions 9.10.0, 9.9.1, 9.5.7, 9.7.6, 9.8.2 or higher.</p>", "base64": false}]}], "references": [{"url": "https://mattermost.com/security-updates"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to properly validate that\u00a0the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels", "supportingMedia": [{"type": "text/html", "value": "<p>Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2024-08-01T14:05:02.518Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39274", "state": "PUBLISHED", "dateUpdated": "2024-08-02T15:10:58.701Z", "dateReserved": "2024-07-23T18:35:14.790Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2024-08-01T14:05:02.518Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", "matchCriteriaId": "0942D308-9462-4C2A-A9FE-838EB5842E02", "versionEndExcluding": "9.5.7", "versionStartIncluding": "9.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", "matchCriteriaId": "642355DC-0EF1-4631-89D0-694AB7C9EF78", "versionEndExcluding": "9.7.6", "versionStartIncluding": "9.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", "matchCriteriaId": "00E80458-F38E-46EB-98FD-1CADD3FCE335", "versionEndExcluding": "9.8.2", "versionStartIncluding": "9.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost:9.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA215755-4D08-4B4D-9736-DAF54D2F0B9C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to properly validate that\u00a0the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels"}, {"lang": "es", "value": " Las versiones de Mattermost 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 y 9.8.x <= 9.8.1 no validan correctamente que el canal que proviene del mensaje de sincronizaci\u00f3n es un canal compartido, cuando los canales compartidos est\u00e1n habilitados, lo que permite que un control remoto malicioso agregue usuarios a equipos y canales arbitrarios"}], "id": "CVE-2024-39274", "lastModified": "2024-08-23T14:39:29.247", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}, "published": "2024-08-01T15:15:12.150", "references": [{"source": "responsibledisclosure@mattermost.com", "tags": ["Vendor Advisory"], "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}