Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly enforce permissions which allows a team admin user without "Add Team Members" permission to disable the invite URL.
Metrics
Affected Vendors & Products
References
History
Fri, 23 Aug 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 22 Aug 2024 23:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Thu, 22 Aug 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly enforce permissions which allows a team admin user without "Add Team Members" permission to disable the invite URL. | |
Title | Unauthorized disabling of invite URL | |
Weaknesses | CWE-284 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2024-08-22T15:17:10.938Z
Updated: 2024-08-22T18:08:37.730Z
Reserved: 2024-08-16T17:27:00.338Z
Link: CVE-2024-40884
Vulnrichment
Updated: 2024-08-22T18:08:33.413Z
NVD
Status : Awaiting Analysis
Published: 2024-08-22T16:15:08.797
Modified: 2024-08-23T16:18:28.547
Link: CVE-2024-40884
Redhat