CVE-2024-42497

CVSS 3.1 Score 6.0 of 10 (medium)

Details

Published Aug 22, 2024
CWE ID 284

Summary

CVE-2024-42497 affects Mattermost versions 9.9.x through 9.9.1, 9.5.x through 9.5.7, 9.10.x through 9.10.0, and 9.8.x through 9.8.2, where improper permission enforcement allows users with read-only access to perform write operations on teams. This vulnerability poses a medium-level risk with a confidentiality impact rated as high and the potential for unauthorized data manipulation within the organization’s communication platform. To remediate this issue, organizations should upgrade to the latest versions of Mattermost that address this vulnerability as outlined in their security updates page. The exploitability score is low due to the high privileges required to exploit it, but if successfully executed, it could compromise sensitive team information. Users are advised to manage their access controls diligently until a patch is applied to mitigate potential risks associated with this vulnerability.
