Permanently local data deletion by malicious remote
CVE-2024-39832

8.7HIGH

Key Information:

Vendor: Mattermost
Status: Mattermost
Vendor: CVE Published:; 1 August 2024

Summary

An error handling vulnerability exists in Mattermost versions 9.9.x (up to 9.9.0), 9.5.x (up to 9.5.6), 9.7.x (up to 9.7.5), and 9.8.x (up to 9.8.1). This flaw permits remote attackers to exploit improper safeguarding during error management processes, particularly when shared channels are enabled. By leveraging this vulnerability, an attacker can permanently delete local data, posing serious risks to data integrity and availability in affected Mattermost environments.

Affected Version(s)

Mattermost 9.9.0

Mattermost 9.5.0 <= 9.5.6

Mattermost 9.7.0 <= 9.7.5

References

https://mattermost.com/security-updates

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 1, 2024

Credit

Juho Forsén