Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1meHE5LTY5NDYtMzRxN84AA-4r

High CVSS: 7.0 EPSS: 0.00092% (0.26517 Percentile) EPSS:
Permalink JSON

Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams

Affected Packages Affected Versions Fixed Versions
go:github.com/mattermost/mattermost/server/v8
PURL: pkg:go/github.com%2Fmattermost%2Fmattermost%2Fserver%2Fv8
>= 9.8.0, < 9.8.3, >= 9.9.0, < 9.9.2, >= 9.10.0, < 9.10.1, >= 9.5.0, < 9.5.8 9.8.3, 9.9.2, 9.10.1, 9.5.8
2 Dependent packages
1 Dependent repositories

Affected Version Ranges

All affected versions

All unaffected versions

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to properly enforce permissions which allows a user with systems manager role with read-only access to teams to perform write operations on teams.

References:

Identifiers

GHSA-fxq9-6946-34q7

CVE-2024-42497

Risk

Severity

High

CVSS

CVSS Score: 7.0

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00092

EPSS Percentile: 0.26517

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

over 1 year ago

Updated

about 5 hours ago

API

JSON