Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce proper access controls which allows any authenticated user, including guests, to mark any channel inside any team as read for any user.
References
History

Fri, 23 Aug 2024 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Mattermost
Mattermost mattermost
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
Vendors & Products Mattermost
Mattermost mattermost

Thu, 22 Aug 2024 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 22 Aug 2024 06:45:00 +0000

Type Values Removed Values Added
Description Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce proper access controls which allows any authenticated user, including guests, to mark any channel inside any team as read for any user.
Title IDOR when marking read a user's channel
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2024-08-22T06:30:58.923Z

Updated: 2024-08-22T19:53:37.226Z

Reserved: 2024-08-20T16:09:35.890Z

Link: CVE-2024-43813

cve-icon Vulnrichment

Updated: 2024-08-22T19:53:33.945Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-22T07:15:04.620

Modified: 2024-08-23T15:35:12.617

Link: CVE-2024-43813

cve-icon Redhat

No data.