Channel Creation Vulnerability in Mattermost by Mattermost
CVE-2024-39837
5.4 MEDIUM
Summary
Mattermost versions 9.9.x up to and including 9.9.0 and 9.5.x up to and including 9.5.6 exhibit a flaw in the management of channel permissions. This vulnerability allows an unauthorized remote attacker to create arbitrary channels when shared channels are enabled, potentially leading to information disclosure and misuse of the platform. Organizations using these versions are advised to implement immediate corrective actions by updating to the latest secure versions and reviewing their channel sharing settings.
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published