Products
Mattermost
- 9.5.0 - 9.5.3
- 9.6.0 - 9.6.1
- 8.1.0 - 8.1.12
Source
responsibledisclosure@mattermost.com
Tags
CVE-2024-36241 details
Published : May 26, 2024, 2:15 p.m.
Last Modified : May 26, 2024, 2:15 p.m.
Last Modified : May 26, 2024, 2:15 p.m.
Description
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to enforce proper access controls which allows user to view arbitrary post contents via the /playbook add slash command
CVSS Score
| 1 | 2 | 3.1 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
Base Score
3.1
Exploitability Score
Impact Score
Base Severity
LOW
Vector String : CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
References
| URL | Source |
|---|---|
| https://mattermost.com/security-updates | responsibledisclosure@mattermost.com |
This website uses the NVD API, but is not approved or certified by it.