CVE-2024-41926 - OpenCVE

Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Mattermost	Mattermost Server

Configuration 1 [-]

OR	cpe:2.3:a:mattermost:mattermost_server::::::::
	cpe:2.3:a:mattermost:mattermost_server:9.9.0:::::::*

No data.

References

Link	Providers
https://mattermost.com/security-updates

History

Wed, 04 Sep 2024 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mattermost Mattermost mattermost Server
Weaknesses		CWE-346
CPEs		cpe:2.3:a:mattermost:mattermost_server:::::::: cpe:2.3:a:mattermost:mattermost_server:9.9.0:::::::*
Vendors & Products		Mattermost Mattermost mattermost Server

MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2024-08-01T14:05:10.650Z

Updated: 2024-08-01T14:32:10.107Z

Reserved: 2024-07-23T18:35:14.800Z

Link: CVE-2024-41926

Vulnrichment

Updated: 2024-08-01T14:32:04.183Z

NVD

Status : Analyzed

Published: 2024-08-01T15:15:13.900

Modified: 2024-09-04T16:55:35.570

Link: CVE-2024-41926

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41926", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2024-07-23T18:35:14.800Z", "datePublished": "2024-08-01T14:05:10.650Z", "dateUpdated": "2024-08-01T14:32:10.107Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"status": "affected", "version": "9.9.0"}, {"lessThanOrEqual": "9.5.6", "status": "affected", "version": "9.5.0", "versionType": "semver"}, {"status": "unaffected", "version": "9.10.0"}, {"status": "unaffected", "version": "9.9.1"}, {"status": "unaffected", "version": "9.5.7"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Juho Fors\u00e9n"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote.</p>"}], "value": "Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs,\u00a0which allows a malicious remote to\u00a0set arbitrary RemoteId values for synced users and therefore\u00a0claim that a user was synced from another remote."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2024-08-01T14:05:10.650Z"}, "references": [{"url": "https://mattermost.com/security-updates"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Update Mattermost to versions 9.10.0, 9.9.1, 9.5.7 or higher.</p>"}], "value": "Update Mattermost to versions 9.10.0, 9.9.1, 9.5.7 or higher."}], "source": {"advisory": "MMSA-2024-00343", "defect": ["https://mattermost.atlassian.net/browse/MM-58252"], "discovery": "INTERNAL"}, "title": "Malicious remote can claim that a user was synced from another remote", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T14:31:59.417867Z", "id": "CVE-2024-41926", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T14:32:10.107Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41926", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-01T14:31:59.417867Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T14:32:04.183Z"}}], "cna": {"title": "Malicious remote can claim that a user was synced from another remote", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-58252"], "advisory": "MMSA-2024-00343", "discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Juho Fors\u00e9n"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "9.9.0"}, {"status": "affected", "version": "9.5.0", "versionType": "semver", "lessThanOrEqual": "9.5.6"}, {"status": "unaffected", "version": "9.10.0"}, {"status": "unaffected", "version": "9.9.1"}, {"status": "unaffected", "version": "9.5.7"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost to versions 9.10.0, 9.9.1, 9.5.7 or higher.", "supportingMedia": [{"type": "text/html", "value": "<p>Update Mattermost to versions 9.10.0, 9.9.1, 9.5.7 or higher.</p>", "base64": false}]}], "references": [{"url": "https://mattermost.com/security-updates"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs,\u00a0which allows a malicious remote to\u00a0set arbitrary RemoteId values for synced users and therefore\u00a0claim that a user was synced from another remote.", "supportingMedia": [{"type": "text/html", "value": "<p>Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2024-08-01T14:05:10.650Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41926", "state": "PUBLISHED", "dateUpdated": "2024-08-01T14:32:10.107Z", "dateReserved": "2024-07-23T18:35:14.800Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2024-08-01T14:05:10.650Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBEB8F40-C2DE-4E6F-8772-1BBCA44795A8", "versionEndExcluding": "9.5.7", "versionStartIncluding": "9.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:9.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "4BE71910-C7C4-4F33-BFD4-40D2EAA56DB1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs,\u00a0which allows a malicious remote to\u00a0set arbitrary RemoteId values for synced users and therefore\u00a0claim that a user was synced from another remote."}, {"lang": "es", "value": " Las versiones 9.9.x <= 9.9.0 y 9.5.x <= 9.5.6 de Mattermost no validan el origen de los mensajes de sincronizaci\u00f3n y solo permiten las ID remotas correctas, lo que permite que un control remoto malicioso establezca valores RemoteId arbitrarios para usuarios sincronizados y, por lo tanto, afirmar que un usuario se sincroniz\u00f3 desde otro control remoto."}], "id": "CVE-2024-41926", "lastModified": "2024-09-04T16:55:35.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}, "published": "2024-08-01T15:15:13.900", "references": [{"source": "responsibledisclosure@mattermost.com", "tags": ["Vendor Advisory"], "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}