{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41162", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2024-07-23T17:55:45.298Z", "datePublished": "2024-08-01T14:05:09.501Z", "dateUpdated": "2024-08-02T15:01:29.868Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"status": "affected", "version": "9.9.0"}, {"lessThanOrEqual": "9.5.6", "status": "affected", "version": "9.5.0", "versionType": "semver"}, {"lessThanOrEqual": "9.7.5", "status": "affected", "version": "9.7.0", "versionType": "semver"}, {"lessThanOrEqual": "9.8.1", "status": "affected", "version": "9.8.0", "versionType": "semver"}, {"status": "unaffected", "version": "9.10.0"}, {"status": "unaffected", "version": "9.9.1"}, {"status": "unaffected", "version": "9.5.7"}, {"status": "unaffected", "version": "9.7.6"}, {"status": "unaffected", "version": "9.8.2"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Juho Fors\u00e9n"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Mattermost versions 9.9.x &lt;= 9.9.0, 9.5.x &lt;= 9.5.6, 9.7.x &lt;= 9.7.5 and 9.8.x &lt;= 9.8.1 fail to disallow&nbsp;the modification of local channels by a remote, when shared channels are enabled, which allows&nbsp;a malicious remote to make an arbitrary local channel read-only.</p>"}], "value": "Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow\u00a0the modification of local channels by a remote, when shared channels are enabled, which allows\u00a0a malicious remote to make an arbitrary local channel read-only."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2024-08-01T14:05:09.501Z"}, "references": [{"url": "https://mattermost.com/security-updates"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Update Mattermost to versions 9.10.0, 9.9.1, 9.5.7, 9.7.6, 9.8.2 or higher.</p>"}], "value": "Update Mattermost to versions 9.10.0, 9.9.1, 9.5.7, 9.7.6, 9.8.2 or higher."}], "source": {"advisory": "MMSA-2024-00330", "defect": ["https://mattermost.atlassian.net/browse/MM-57868"], "discovery": "INTERNAL"}, "title": "Malicious remote can make an arbitrary local channel read-only", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-02T14:45:25.763522Z", "id": "CVE-2024-41162", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T15:01:29.868Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Malicious remote can make an arbitrary local channel read-only", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-57868"], "advisory": "MMSA-2024-00330", "discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Juho Fors\u00e9n"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "9.9.0"}, {"status": "affected", "version": "9.5.0", "versionType": "semver", "lessThanOrEqual": "9.5.6"}, {"status": "affected", "version": "9.7.0", "versionType": "semver", "lessThanOrEqual": "9.7.5"}, {"status": "affected", "version": "9.8.0", "versionType": "semver", "lessThanOrEqual": "9.8.1"}, {"status": "unaffected", "version": "9.10.0"}, {"status": "unaffected", "version": "9.9.1"}, {"status": "unaffected", "version": "9.5.7"}, {"status": "unaffected", "version": "9.7.6"}, {"status": "unaffected", "version": "9.8.2"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost to versions 9.10.0, 9.9.1, 9.5.7, 9.7.6, 9.8.2 or higher.", "supportingMedia": [{"type": "text/html", "value": "<p>Update Mattermost to versions 9.10.0, 9.9.1, 9.5.7, 9.7.6, 9.8.2 or higher.</p>", "base64": false}]}], "references": [{"url": "https://mattermost.com/security-updates"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow\u00a0the modification of local channels by a remote, when shared channels are enabled, which allows\u00a0a malicious remote to make an arbitrary local channel read-only.", "supportingMedia": [{"type": "text/html", "value": "<p>Mattermost versions 9.9.x &lt;= 9.9.0, 9.5.x &lt;= 9.5.6, 9.7.x &lt;= 9.7.5 and 9.8.x &lt;= 9.8.1 fail to disallow&nbsp;the modification of local channels by a remote, when shared channels are enabled, which allows&nbsp;a malicious remote to make an arbitrary local channel read-only.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2024-08-01T14:05:09.501Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41162", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-02T14:45:25.763522Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-08-02T15:01:22.767Z"}}]}, "cveMetadata": {"cveId": "CVE-2024-41162", "state": "PUBLISHED", "dateUpdated": "2024-08-01T14:05:09.501Z", "dateReserved": "2024-07-23T17:55:45.298Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2024-08-01T14:05:09.501Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBEB8F40-C2DE-4E6F-8772-1BBCA44795A8", "versionEndExcluding": "9.5.7", "versionStartIncluding": "9.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5C9F963-57DF-41E2-AA46-242317D93786", "versionEndExcluding": "9.7.6", "versionStartIncluding": "9.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B4559B7-83E7-41B2-96A8-51F467CCD882", "versionEndExcluding": "9.8.2", "versionStartIncluding": "9.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:9.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "4BE71910-C7C4-4F33-BFD4-40D2EAA56DB1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow\u00a0the modification of local channels by a remote, when shared channels are enabled, which allows\u00a0a malicious remote to make an arbitrary local channel read-only."}, {"lang": "es", "value": " Las versiones de Mattermost 9.9.x &lt;= 9.9.0, 9.5.x &lt;= 9.5.6, 9.7.x &lt;= 9.7.5 y 9.8.x &lt;= 9.8.1 no permiten la modificaci\u00f3n de canales locales mediante un control remoto, cuando Los canales compartidos est\u00e1n habilitados, lo que permite que un control remoto malicioso convierta un canal local arbitrario en solo lectura."}], "id": "CVE-2024-41162", "lastModified": "2024-09-04T17:03:53.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}, "published": "2024-08-01T15:15:13.627", "references": [{"source": "responsibledisclosure@mattermost.com", "tags": ["Vendor Advisory"], "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}

{}