CVE-2024-40886

CVSS 3.1 Score 4.6 of 10 (medium)

Details

Published: Aug 22, 2024
Updated: Aug 23, 2024
CWE ID 352

Summary

CVE-2024-40886 affects Mattermost versions 9.9.x through 9.9.1, 9.5.x through 9.5.7, 9.10.x through 9.10.0, and 9.8.x through 9.8.2. These versions fail to properly sanitize user input used for redirection on the frontend, enabling a one-click client-side path traversal that can lead to Cross-Site Request Forgery (CSRF) in the User Management page of the system console. The vulnerability has a medium severity score of 4.6 and an exploitability score of 2.1: exploitation requires low privileges and user interaction, and a successful attack has a low impact on integrity and availability and no impact on confidentiality. Organizations are advised to upgrade to a fixed version of Mattermost to remediate this issue, since unpatched deployments remain exposed to unauthorized actions performed on their platforms. For more details, refer to the vendor advisory on Mattermost's security updates page.

