7.4
CVE-2024-36492
- EPSS 0.21%
- Veröffentlicht 01.08.2024 15:15:11
- Zuletzt bearbeitet 23.08.2024 14:51:08
- Quelle responsibledisclosure@mattermo
- Teams Watchlist Login
- Unerledigt Login
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow the modification of local users when syncing users in shared channels. which allows a malicious remote to overwrite an existing local user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mattermost ≫ Mattermost Version >= 9.5.0 < 9.5.7
Mattermost ≫ Mattermost Version >= 9.7.0 < 9.7.6
Mattermost ≫ Mattermost Version >= 9.8.0 < 9.8.2
Mattermost ≫ Mattermost Version9.9.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.432 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 3.1 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
|
| responsibledisclosure@mattermost.com | 7.4 | 3.1 | 3.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.