CVE-2024-43780

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Aug 22, 2024
CWE ID 284

Summary

CVE-2024-43780 affects Mattermost versions 9.9.x up to 9.9.1, 9.5.x up to 9.5.7, as well as versions 9.10.0 and 9.8.x up to 9.8.2, due to a failure in enforcing permissions that permits guest users with read access to upload files to channels. This vulnerability poses a medium-level risk, primarily affecting the integrity of data within those channels, as it can lead to unauthorized file uploads without requiring significant privileges or user interaction. Organizations using the affected Mattermost versions are advised to remediate this issue by upgrading to secure releases as outlined in the security updates provided by Mattermost. The attack vector is network-based, and while the potential for confidentiality impact is nonexistent, the low integrity impact could lead to misuse of the platform's file-sharing capabilities. For further details and remediation instructions, users can refer to Mattermost's official security updates page at Mattermost Security Updates.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share