Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce proper access controls which allows any authenticated user, including guests, to mark any channel inside any team as read for any user.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates |
History
Fri, 23 Aug 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mattermost
Mattermost mattermost |
|
Weaknesses | NVD-CWE-Other | |
CPEs | cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mattermost
Mattermost mattermost |
Thu, 22 Aug 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 22 Aug 2024 06:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce proper access controls which allows any authenticated user, including guests, to mark any channel inside any team as read for any user. | |
Title | IDOR when marking read a user's channel | |
Weaknesses | CWE-284 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2024-08-22T06:30:58.923Z
Updated: 2024-08-22T19:53:37.226Z
Reserved: 2024-08-20T16:09:35.890Z
Link: CVE-2024-43813
Vulnrichment
Updated: 2024-08-22T19:53:33.945Z
NVD
Status : Analyzed
Published: 2024-08-22T07:15:04.620
Modified: 2024-08-23T15:35:12.617
Link: CVE-2024-43813
Redhat
No data.