CVE-2024-45843

CVSS 3.1 Score 3.1 of 10 (low)

Details

Published Sep 26, 2024
CWE ID 918

Summary

CVE-2024-45843 is a vulnerability in Mattermost versions 9.5.x up to 9.5.8: the SSRF denylist omits the instance metadata endpoints of Oracle Cloud and Alibaba. If Mattermost is hosted on either platform, an attacker could use Server Side Request Forgery (SSRF) to reach those endpoints, a low-severity issue with potential confidentiality impact. To remediate, organizations should upgrade to a patched Mattermost version whose denylist includes these endpoints. The CVSS base score of 3.1 indicates low severity, though the network attack vector and high attack complexity still warrant attention. Affected products include Mattermost deployments associated with identifiers such as 'y-pd4p' and 'yUNTA7'.
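As an added illustration (not Mattermost's code), the Go snippet below contrasts a metadata-endpoint denylist that, like the one described above, lacks Alibaba Cloud's address with a broadened one that includes it. The CIDRs are the publicly documented instance-metadata addresses; the URL-check helper and both list names are assumptions for this example.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
)

// narrowDenylist is a constructed list with the shape of the flaw: it covers
// the common 169.254.169.254 metadata endpoint (AWS, GCP, Azure, Oracle Cloud)
// via the link-local block, plus the AWS IPv6 endpoint, but not Alibaba Cloud.
var narrowDenylist = []string{"169.254.0.0/16", "fd00:ec2::254/128"}

// broadDenylist adds Alibaba Cloud's metadata address 100.100.100.200.
// Oracle Cloud's endpoint is 169.254.169.254, already in the link-local block.
var broadDenylist = []string{"169.254.0.0/16", "fd00:ec2::254/128", "100.100.100.200/32"}

// parseCIDRs turns CIDR strings into networks, skipping any that fail to parse.
func parseCIDRs(cidrs []string) []*net.IPNet {
	var nets []*net.IPNet
	for _, c := range cidrs {
		if _, n, err := net.ParseCIDR(c); err == nil {
			nets = append(nets, n)
		}
	}
	return nets
}

// blockedByDenylist reports whether the host of rawURL is a literal IP inside
// any denylisted range. Hostnames are rejected with an error: a real filter
// must resolve them first and check every resolved address, otherwise a DNS
// name pointing at a metadata address slips through.
func blockedByDenylist(rawURL string, denylist []string) (bool, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return false, err
	}
	ip := net.ParseIP(u.Hostname())
	if ip == nil {
		return false, fmt.Errorf("non-literal host %q: resolve before checking", u.Hostname())
	}
	for _, n := range parseCIDRs(denylist) {
		if n.Contains(ip) {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	target := "http://100.100.100.200/latest/meta-data/" // Alibaba Cloud IMDS
	narrow, _ := blockedByDenylist(target, narrowDenylist)
	broad, _ := blockedByDenylist(target, broadDenylist)
	fmt.Printf("narrow list blocks: %v, broad list blocks: %v\n", narrow, broad)
}
```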

