Unsolicited Invite Vulnerability in Mattermost Product
CVE-2024-39777

9.6CRITICAL

Key Information:

Vendor: Mattermost
Status: Mattermost
Vendor: CVE Published:; 1 August 2024

What is CVE-2024-39777?

The vulnerability identified in specific versions of Mattermost allows unauthorized attackers to exploit the shared channel feature. This includes the potential for unsolicited invites that can inadvertently expose local channels, thereby compromising sensitive communications without consent from local administrators. Attackers can manipulate channel Ids, granting them unintended access to internal discussions and potentially exposing sensitive information to unauthorized parties.

References

https://mattermost.com/security-updates

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2024