CVE-2024-12247

CVSS 3.1 Score 4.6 of 10 (medium)

Details

Published Dec 5, 2024
CWE ID 863

Summary

CVE-2024-12247 is a vulnerability affecting Mattermost versions 9.7.x through 9.9.x. During this period, which includes releases 9.7.5, 9.8.2, and 9.9.2, the platform failed to adequately propagate permission scheme updates across cluster nodes. As a result, users could maintain their previous permissions even after a permission scheme update, posing a security risk. This issue could potentially enable unauthorized access and privilege escalation within affected Mattermost environments.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Mattermost Server

Affected Vendors

  • Mattermost, Inc.