Unsolicited Invite Vulnerability in Mattermost Product
CVE-2024-39777

9.6CRITICAL

Key Information:

Vendor
Mattermost
Status
Mattermost
Vendor
CVE Published:
1 August 2024

Summary

The vulnerability identified in specific versions of Mattermost allows unauthorized attackers to exploit the shared channel feature. This includes the potential for unsolicited invites that can inadvertently expose local channels, thereby compromising sensitive communications without consent from local administrators. Attackers can manipulate channel Ids, granting them unintended access to internal discussions and potentially exposing sensitive information to unauthorized parties.

References

https://mattermost.com/security-updates

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

.