Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS01Zmg3LTdtdzctbW14Nc4AA7VJ

Mattermost allows team admins to promote guests to team admins

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests.
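The advisory describes a role-change endpoint that checks who the caller is but not what the target already is: a team admin may send a role update for a guest that hands the guest `team_user team_admin`. The following is an added, illustrative example (not Mattermost's code) of that bug class beside a hardened version of the same check. The role names `team_guest`, `team_user` and `team_admin` follow Mattermost's team-role naming convention and the `Member` type and space-separated role list are assumptions for the example; the sample members are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Illustrative example added to this advisory page; it is not Mattermost's
// code. Role names follow Mattermost's team-role naming convention (assumed).
const (
	TeamGuest = "team_guest"
	TeamUser  = "team_user"
	TeamAdmin = "team_admin"
)

// ErrForbidden is returned for any role change the caller may not make.
var ErrForbidden = errors.New("forbidden")

// Member is a simplified team membership: Roles is a space-separated list.
type Member struct {
	UserID string
	Roles  string
}

func hasRole(roles, want string) bool {
	for _, r := range strings.Fields(roles) {
		if r == want {
			return true
		}
	}
	return false
}

// parseRoles validates the role names and reports which of the three are requested.
func parseRoles(newRoles string) (guest, user, admin bool, err error) {
	for _, r := range strings.Fields(newRoles) {
		switch r {
		case TeamGuest:
			guest = true
		case TeamUser:
			user = true
		case TeamAdmin:
			admin = true
		default:
			return false, false, false, fmt.Errorf("invalid role %q", r)
		}
	}
	return guest, user, admin, nil
}

// vulnerableUpdateRoles has the shape of the bug class in the advisory: it
// confirms the caller is a team admin and that the role names are valid, but
// never consults the target's current roles, so a guest can be handed
// "team_user team_admin".
func vulnerableUpdateRoles(caller, target *Member, newRoles string) error {
	if !hasRole(caller.Roles, TeamAdmin) {
		return ErrForbidden
	}
	if _, _, _, err := parseRoles(newRoles); err != nil {
		return err
	}
	target.Roles = newRoles
	return nil
}

// hardenedUpdateRoles adds the checks the vulnerable version lacks:
//   - the guest flag cannot be added or removed through this endpoint, so a
//     guest stays a guest and a member cannot be turned into a guest here;
//   - team_user/team_admin can never be combined with team_guest;
//   - team_admin requires team_user, and a member must keep one base role.
func hardenedUpdateRoles(caller, target *Member, newRoles string) error {
	if !hasRole(caller.Roles, TeamAdmin) {
		return ErrForbidden
	}
	guest, user, admin, err := parseRoles(newRoles)
	if err != nil {
		return err
	}
	if hasRole(target.Roles, TeamGuest) != guest {
		return fmt.Errorf("%w: guest status cannot be changed by a role update", ErrForbidden)
	}
	if guest && (user || admin) {
		return fmt.Errorf("%w: a guest cannot hold team_user or team_admin", ErrForbidden)
	}
	if (admin && !user) || (!user && !guest) {
		return fmt.Errorf("invalid role combination %q", newRoles)
	}
	target.Roles = newRoles
	return nil
}

func main() {
	admin := &Member{UserID: "alice", Roles: "team_user team_admin"} // constructed caller
	for _, update := range []struct {
		name string
		fn   func(caller, target *Member, newRoles string) error
	}{{"vulnerable", vulnerableUpdateRoles}, {"hardened", hardenedUpdateRoles}} {
		guest := &Member{UserID: "bob", Roles: TeamGuest} // constructed guest target
		err := update.fn(admin, guest, "team_user team_admin")
		fmt.Printf("%-10s err=%v roles=%q\n", update.name, err, guest.Roles)
	}
}
```

The point of the hardened version is that authorisation for a role change depends on three things, not one: the caller's permission, the validity of the requested role set, and the target's current state. The vulnerable version checks only the first two, which is exactly the gap the advisory's "crafted HTTP requests" exploit.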

Permalink: https://github.com/advisories/GHSA-5fh7-7mw7-mmx5
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01Zmg3LTdtdzctbW14Nc4AA7VJ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 12 days ago
Updated: 11 days ago
CVSS Score: 2.7
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Identifiers: GHSA-5fh7-7mw7-mmx5, CVE-2024-4195
References:
  Repository: https://github.com/mattermost/mattermost
Blast Radius: 5.6

Affected Packages

go:github.com/mattermost/mattermost-server
Dependent packages: 131
Dependent repositories: 122
Affected Version Ranges: >= 8.1.0, <= 8.1.11, >= 9.5.0, <= 9.5.2
Fixed in: 8.1.12, 9.5.3
All affected versions: 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.9, 9.5.0, 9.5.1, 9.5.2
Note: the ranges are authoritative and the enumerated list only contains releases indexed here, so a version inside a range (for example 8.1.10 or 8.1.11) is affected even though it is missing from the list. The description above also names 9.6.0 as affected, but the range data for this package does not include it and 9.6.0 appears under unaffected versions below; treat a 9.6.0 deployment as affected and confirm the 9.6.x fix version against the upstream Mattermost advisory rather than relying on these ranges.
All unaffected versions: 0.5.0, 0.6.0, 1.0.0, 1.1.0, 1.1.1, 1.2.1, 1.3.0, 1.4.0, 2.0.0, 2.1.0, 2.2.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.1.0, 3.2.0, 3.3.0, 3.4.0, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.6.6, 3.6.7, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.7.5, 3.7.6, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.9.0, 3.9.1, 3.9.2, 3.10.0, 3.10.1, 3.10.2, 3.10.3, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.1.0, 4.1.1, 4.1.2, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.5.0, 4.5.1, 4.5.2, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.8.0, 4.8.1, 4.8.2, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.5, 4.10.6, 4.10.7, 4.10.8, 4.10.9, 4.10.10, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 5.4.0, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.7.0, 5.7.1, 5.7.2, 5.7.3, 5.8.0, 5.8.1, 5.8.2, 5.9.0, 5.9.1, 5.9.2, 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.10.0, 5.10.1, 5.10.2, 5.11.0, 5.11.1, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.4.0, 9.4.1, 9.4.2, 9.4.3, 9.4.4, 9.4.5, 9.5.3, 9.6.0, 9.6.1
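The range data above has two traps: the enumerated affected list is shorter than the ranges it summarises, and the description names 9.6.0 as affected while the ranges do not. The following is an added example (not part of ecosyste.ms or Mattermost) of an affected-version check that encodes the page's inclusive ranges and, on the strength of the description, treats 9.6.0 as affected; including 9.6.0 that way is an assumption stated in the code. Version strings with a pre-release or build suffix are rejected rather than guessed at, so they get checked by hand.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Illustrative example added to this advisory page; it is not ecosyste.ms or
// Mattermost code. Ranges are copied from the page (inclusive at both ends);
// the 9.6.0 entry comes from the advisory description, which names it as
// affected (assumption: the description is right and the range data is not).
type version struct{ major, minor, patch int }

// parseVersion accepts "X.Y.Z" with an optional leading "v". Anything else
// (pre-release or build suffixes, fewer components) is an error so that the
// caller compares it manually instead of silently mis-classifying it.
func parseVersion(s string) (version, error) {
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return version{}, fmt.Errorf("unsupported version %q: want X.Y.Z", s)
	}
	var nums [3]int
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return version{}, fmt.Errorf("unsupported version %q: component %q is not a number", s, p)
		}
		nums[i] = n
	}
	return version{nums[0], nums[1], nums[2]}, nil
}

func (a version) less(b version) bool {
	if a.major != b.major {
		return a.major < b.major
	}
	if a.minor != b.minor {
		return a.minor < b.minor
	}
	return a.patch < b.patch
}

// vrange is an inclusive [lo, hi] range, matching the ">= ... <= ..." on the page.
type vrange struct{ lo, hi version }

var affectedRanges = []vrange{
	{version{8, 1, 0}, version{8, 1, 11}}, // >= 8.1.0, <= 8.1.11 (fixed in 8.1.12)
	{version{9, 5, 0}, version{9, 5, 2}},  // >= 9.5.0, <= 9.5.2 (fixed in 9.5.3)
	{version{9, 6, 0}, version{9, 6, 0}},  // 9.6.0, per the description (assumption)
}

// isAffected reports whether the given mattermost-server version falls in an
// affected range. A version inside a range is affected even if it does not
// appear in the page's enumerated "All affected versions" list.
func isAffected(s string) (bool, error) {
	v, err := parseVersion(s)
	if err != nil {
		return false, err
	}
	for _, r := range affectedRanges {
		if !v.less(r.lo) && !r.hi.less(v) {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	// Constructed sample inputs, including one that is in range but absent
	// from the enumerated list (8.1.10) and one with a suffix that is rejected.
	for _, v := range []string{"8.1.10", "8.1.12", "9.5.2", "9.5.3", "9.6.0", "9.6.1", "v9.4.5", "9.5.3-rc1"} {
		hit, err := isAffected(v)
		fmt.Printf("%-10s affected=%v err=%v\n", v, hit, err)
	}
}
```

Feed `isAffected` the version string your deployment reports; an error return means the string needs a manual comparison against the ranges, not that the deployment is safe.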