CVE-2024-39836
CVSS 3.1 Score 4.8 of 10 (medium)
Summary
CVE-2024-39836 identifies a vulnerability in Mattermost versions 9.9.x up to 9.9.1, 9.5.x up to 9.5.7, 9.10.x up to 9.10.0, and 9.8.x up to 9.8.2. Because these versions accept any valid email address for notifications and password resets, a remote or synthetic user can create sessions or reset passwords using munged email addresses originating from shared channels, which can lead to unauthorized access to and manipulation of accounts. The vulnerability is rated medium severity with an exploitability score of 2.2; its potential impact on integrity and confidentiality is low, and exploitation requires neither user interaction nor special privileges, so it could facilitate unauthorized actions within the application environment. To remediate the issue, organizations should upgrade their Mattermost installations to versions beyond those listed in the vulnerability disclosure as soon as possible. More information is available in the security updates on Mattermost's official website.