CVE-2024-12247
CVSS 3.1 Score 4.6 of 10 (medium)
Details
Published Dec 5, 2024
CWE ID 863
Summary
CVE-2024-12247 is a vulnerability affecting Mattermost versions 9.7.x through 9.9.x. During this period, which includes releases 9.7.5, 9.8.2, and 9.9.2, the platform failed to adequately propagate permission scheme updates across cluster nodes. As a result, users could maintain their previous permissions even after a permission scheme update, posing a security risk. This issue could potentially enable unauthorized access and privilege escalation within affected Mattermost environments.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Mattermost Server
Affected Vendors
- Mattermost, Inc.