CVE-2024-39830 - OpenCVE

Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when shared channels are enabled, fail to use constant time comparison for remote cluster tokens which allows an attacker to retrieve the remote cluster token via a timing attack during remote cluster token comparison.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mattermost	Mattermost

Configuration 1 [-]

OR	cpe:2.3:a:mattermost:mattermost::::::::
	cpe:2.3:a:mattermost:mattermost::::::::
	cpe:2.3:a:mattermost:mattermost::::::::
	cpe:2.3:a:mattermost:mattermost::::::::

No data.

References

Link	Providers
https://mattermost.com/security-updates

History

No history.

MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2024-07-03T08:32:56.113Z

Updated: 2024-08-02T04:26:16.020Z

Reserved: 2024-07-01T10:22:11.595Z

Link: CVE-2024-39830

Vulnrichment

Updated: 2024-08-02T04:26:16.020Z

NVD

Status : Analyzed

Published: 2024-07-03T09:15:07.507

Modified: 2024-07-05T17:08:50.197

Link: CVE-2024-39830

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39830", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2024-07-01T10:22:11.595Z", "datePublished": "2024-07-03T08:32:56.113Z", "dateUpdated": "2024-08-02T04:26:16.020Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"status": "affected", "version": "9.8.0"}, {"lessThanOrEqual": "9.7.4", "status": "affected", "version": "9.7.0", "versionType": "semver"}, {"lessThanOrEqual": "9.6.2", "status": "affected", "version": "9.6.0", "versionType": "semver"}, {"lessThanOrEqual": "9.5.5", "status": "affected", "version": "9.5.0", "versionType": "semver"}, {"status": "unaffected", "version": "9.9.0"}, {"status": "unaffected", "version": "9.8.1"}, {"status": "unaffected", "version": "9.7.5"}, {"status": "unaffected", "version": "9.6.3"}, {"status": "unaffected", "version": "9.5.6"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Juho Fors\u00e9n"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when shared channels are enabled, fail to use constant time comparison for remote cluster tokens which allows <span style=\"background-color: rgb(255, 255, 255);\">an attacker to retrieve the remote cluster token via a timing attack during remote cluster token comparison.</span></p>"}], "value": "Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when shared channels are enabled, fail to use constant time comparison for remote cluster tokens which allows an attacker to retrieve the remote cluster token via a timing attack during remote cluster token comparison."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2024-07-03T08:32:56.113Z"}, "references": [{"url": "https://mattermost.com/security-updates"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Update Mattermost to versions 9.9.0, 9.8.1, 9.7.5, 9.6.3, 9.5.6 or higher.</p>"}], "value": "Update Mattermost to versions 9.9.0, 9.8.1, 9.7.5, 9.6.3, 9.5.6 or higher."}], "source": {"advisory": "MMSA-2024-00345", "defect": ["https://mattermost.atlassian.net/browse/MM-58256"], "discovery": "INTERNAL"}, "title": "Timing attack during remote cluster token comparison when shared channels are enabled", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "mattermost", "product": "mattermost", "cpes": ["cpe:2.3:a:mattermost:mattermost:9.8.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "9.8.0", "status": "affected"}]}, {"vendor": "mattermost", "product": "mattermost", "cpes": ["cpe:2.3:a:mattermost:mattermost:9.7.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "9.7.0", "status": "affected", "lessThanOrEqual": "9.7.4", "versionType": "custom"}]}, {"vendor": "mattermost", "product": "mattermost", "cpes": ["cpe:2.3:a:mattermost:mattermost:9.6.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "9.6.0", "status": "affected", "lessThanOrEqual": "9.6.2", "versionType": "custom"}]}, {"vendor": "mattermost", "product": "mattermost", "cpes": ["cpe:2.3:a:mattermost:mattermost:9.5.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "9.5.0", "status": "affected", "lessThanOrEqual": "9.5.5", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-03T13:13:17.503877Z", "id": "CVE-2024-39830", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-03T13:40:13.377Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:16.020Z"}, "title": "CVE Program Container", "references": [{"url": "https://mattermost.com/security-updates", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://mattermost.com/security-updates", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:16.020Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39830", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-03T13:13:17.503877Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mattermost:mattermost:9.8.0:*:*:*:*:*:*:*"], "vendor": "mattermost", "product": "mattermost", "versions": [{"status": "affected", "version": "9.8.0"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:mattermost:mattermost:9.7.0:*:*:*:*:*:*:*"], "vendor": "mattermost", "product": "mattermost", "versions": [{"status": "affected", "version": "9.7.0", "versionType": "custom", "lessThanOrEqual": "9.7.4"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:mattermost:mattermost:9.6.0:*:*:*:*:*:*:*"], "vendor": "mattermost", "product": "mattermost", "versions": [{"status": "affected", "version": "9.6.0", "versionType": "custom", "lessThanOrEqual": "9.6.2"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:mattermost:mattermost:9.5.0:*:*:*:*:*:*:*"], "vendor": "mattermost", "product": "mattermost", "versions": [{"status": "affected", "version": "9.5.0", "versionType": "custom", "lessThanOrEqual": "9.5.5"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-03T13:39:38.699Z"}}], "cna": {"title": "Timing attack during remote cluster token comparison when shared channels are enabled", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-58256"], "advisory": "MMSA-2024-00345", "discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Juho Fors\u00e9n"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "9.8.0"}, {"status": "affected", "version": "9.7.0", "versionType": "semver", "lessThanOrEqual": "9.7.4"}, {"status": "affected", "version": "9.6.0", "versionType": "semver", "lessThanOrEqual": "9.6.2"}, {"status": "affected", "version": "9.5.0", "versionType": "semver", "lessThanOrEqual": "9.5.5"}, {"status": "unaffected", "version": "9.9.0"}, {"status": "unaffected", "version": "9.8.1"}, {"status": "unaffected", "version": "9.7.5"}, {"status": "unaffected", "version": "9.6.3"}, {"status": "unaffected", "version": "9.5.6"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost to versions 9.9.0, 9.8.1, 9.7.5, 9.6.3, 9.5.6 or higher.", "supportingMedia": [{"type": "text/html", "value": "<p>Update Mattermost to versions 9.9.0, 9.8.1, 9.7.5, 9.6.3, 9.5.6 or higher.</p>", "base64": false}]}], "references": [{"url": "https://mattermost.com/security-updates"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when shared channels are enabled, fail to use constant time comparison for remote cluster tokens which allows an attacker to retrieve the remote cluster token via a timing attack during remote cluster token comparison.", "supportingMedia": [{"type": "text/html", "value": "<p>Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when shared channels are enabled, fail to use constant time comparison for remote cluster tokens which allows <span style=\"background-color: rgb(255, 255, 255);\">an attacker to retrieve the remote cluster token via a timing attack during remote cluster token comparison.</span></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287: Improper Authentication"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2024-07-03T08:32:56.113Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39830", "state": "PUBLISHED", "dateUpdated": "2024-08-02T04:26:16.020Z", "dateReserved": "2024-07-01T10:22:11.595Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2024-07-03T08:32:56.113Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", "matchCriteriaId": "D07BE1B5-9663-4112-9F58-A4BAD0BEC92F", "versionEndExcluding": "9.5.6", "versionStartIncluding": "9.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", "matchCriteriaId": "08894FF3-4671-4A09-BC9C-9C2664072DE5", "versionEndExcluding": "9.6.3", "versionStartIncluding": "9.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC45455D-F190-4B91-8F5B-8E776495840D", "versionEndExcluding": "9.7.5", "versionStartIncluding": "9.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", "matchCriteriaId": "68C48441-A3DC-4812-9E7E-92B23E1B95BB", "versionEndExcluding": "9.8.1", "versionStartIncluding": "9.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when shared channels are enabled, fail to use constant time comparison for remote cluster tokens which allows an attacker to retrieve the remote cluster token via a timing attack during remote cluster token comparison."}, {"lang": "es", "value": "Las versiones de Mattermost 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 y 9.5.x <= 9.5.5, cuando los canales compartidos est\u00e1n habilitados, no pueden usar la comparaci\u00f3n de tiempo constante para tokens de cl\u00faster remoto, lo que permite a un atacante recuperar el token de cl\u00faster remoto mediante un ataque de sincronizaci\u00f3n durante la comparaci\u00f3n de tokens de cl\u00faster remoto."}], "id": "CVE-2024-39830", "lastModified": "2024-07-05T17:08:50.197", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}, "published": "2024-07-03T09:15:07.507", "references": [{"source": "responsibledisclosure@mattermost.com", "tags": ["Vendor Advisory"], "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}