CVE-2024-36241 | THREATINT

Description

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to enforce proper access controls which allows user to view arbitrary post contents via the /playbook add slash command

PUBLISHED Reserved 2024-05-23 | Published 2024-05-26 | Updated 2024-08-02 | Assigner Mattermost

LOW: 3.1CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-284: Improper Access Control

Product status

Default status

unaffected

9.5.0 (semver)

affected

9.6.0 (semver)

affected

8.1.0 (semver)

affected

9.7.0

unaffected

9.5.4

unaffected

9.6.2

unaffected

8.1.13

unaffected

Credits

Juho Nurminen finder

References

mattermost.com/security-updates

cve.org (CVE-2024-36241)

nvd.nist.gov (CVE-2024-36241)

Download JSON