Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 9.8.x <= 9.8.2 fail to enforce permissions which allows a guest user with read access to upload files to a channel.
Metrics
Affected Vendors & Products
References
History
Thu, 22 Aug 2024 23:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Thu, 22 Aug 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 22 Aug 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 9.8.x <= 9.8.2 fail to enforce permissions which allows a guest user with read access to upload files to a channel. | |
Title | Unauthorized channel file upload | |
Weaknesses | CWE-284 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2024-08-22T15:17:11.947Z
Updated: 2024-08-22T16:06:25.703Z
Reserved: 2024-08-16T17:27:00.321Z
Link: CVE-2024-43780
Vulnrichment
Updated: 2024-08-22T16:06:17.238Z
NVD
Status : Awaiting Analysis
Published: 2024-08-22T16:15:09.897
Modified: 2024-08-23T16:18:28.547
Link: CVE-2024-43780
Redhat