CVE-2024-39836

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Aug 22, 2024
Updated: Aug 23, 2024
CWE ID 693 (Protection Mechanism Failure)

Summary

CVE-2024-39836 identifies a vulnerability in Mattermost versions 9.9.x up to 9.9.1, 9.5.x up to 9.5.7, 9.10.x up to 9.10.0, and 9.8.x up to 9.8.2. Affected servers accept the munged email addresses of synthetic users created through shared channels as if they were valid local addresses for notifications and password resets, which allows a remote or synthetic user to create a session or reset a password through such an address. The result is unauthorized access to, and manipulation of, accounts on the affected instance. The flaw is rated medium severity (CVSS 3.1 base score 4.8) with an exploitability subscore of 2.2: it is reachable over the network and requires neither privileges nor user interaction, but attack complexity is high. Confidentiality and integrity impacts are both low; availability is not affected. Organizations should upgrade to the first Mattermost release after each affected range as soon as possible; the fixed versions are listed in the security updates on Mattermost's official website.
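The class of mistake described above is a password-reset or session path that trusts any stored email string, including one attached to a synthetic account mirrored in from a shared channel. The Go example below is added here to illustrate that pattern and its fix; it is not Mattermost's code, and the `User` model, the `IsRemote` flag, the `accounts` sample data and the two lookup functions are all constructed assumptions for the example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// User is a constructed stand-in for an account record. It is not
// Mattermost's data model; IsRemote marks a synthetic account that was
// mirrored in from a shared channel on another instance.
type User struct {
	ID            string
	Email         string
	EmailVerified bool
	IsRemote      bool
}

// ErrNotEligible is the single error the hardened path returns to callers,
// whether the address is unknown, unverified or belongs to a synthetic user,
// so the response does not help enumerate accounts.
var ErrNotEligible = errors.New("account not eligible for local password reset")

// accounts is constructed sample data: one ordinary local user and one
// synthetic remote user that shared channels created on this instance.
var accounts = []User{
	{ID: "local-1", Email: "alice@example.com", EmailVerified: true, IsRemote: false},
	{ID: "remote-1", Email: "eve@partner.example", EmailVerified: false, IsRemote: true},
}

// normalizeEmail folds case and trims whitespace before comparison.
func normalizeEmail(e string) string {
	return strings.ToLower(strings.TrimSpace(e))
}

// vulnerableResetTarget shows the flawed pattern: any stored record whose
// email string matches is treated as a valid reset target, including a
// synthetic remote user whose address this instance never verified.
func vulnerableResetTarget(email string) (string, error) {
	want := normalizeEmail(email)
	for _, u := range accounts {
		if normalizeEmail(u.Email) == want {
			return u.ID, nil
		}
	}
	return "", errors.New("no such account")
}

// hardenedResetTarget only hands a reset (or session) to an account this
// instance actually owns: a non-synthetic user with a verified email address.
func hardenedResetTarget(email string) (string, error) {
	want := normalizeEmail(email)
	for _, u := range accounts {
		if normalizeEmail(u.Email) != want {
			continue
		}
		if u.IsRemote || !u.EmailVerified {
			return "", ErrNotEligible
		}
		return u.ID, nil
	}
	return "", ErrNotEligible
}

func main() {
	for _, e := range []string{"alice@example.com", "Eve@partner.example"} {
		id1, err1 := vulnerableResetTarget(e)
		id2, err2 := hardenedResetTarget(e)
		fmt.Printf("%-22s vulnerable=%q err=%v | hardened=%q err=%v\n", e, id1, err1, id2, err2)
	}
}
```

The vulnerable lookup issues a reset target for the synthetic user `remote-1`; the hardened lookup refuses it and returns the same generic error it uses for unknown addresses. In a real handler the HTTP response should likewise be identical for every failure case, with the distinction kept only in server-side logs.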

