CVE-2024-39830

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Jul 3, 2024

Updated: Jul 5, 2024

CWE ID 287

CWE ID 203

Summary

CVE-2024-39830 is a vulnerability affecting Mattermost versions 9.8.x down to 9.5.x. During remote cluster token comparison, these versions fail to employ constant time comparison for remote cluster tokens, creating an opportunity for attackers to retrieve the remote cluster token via a timing attack. This issue can be exploited when shared channels are enabled. Successful exploitation may lead to unauthorized access to Mattermost clusters and potential data breaches. Users are strongly encouraged to upgrade to patched versions to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mattermost, Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/wwJptL
https://www.cve.org/CVERecord?id=CVE-2024-39830
https://nvd.nist.gov/vuln/detail/CVE-2024-39830

Back to Vulnerability Database

CVE-2024-39830

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations