Description


Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow the modification of local users when syncing users in shared channels. which allows a malicious remote to overwrite an existing local user.

Related CPE's


Could not find any relations

Weaknesses



CWE-284

CVSS impact metrics


CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

7.4 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Undergoing analysis

Published

2024-08-01T15:15:11.810

3 months ago

Last modified

2024-08-01T16:45:25.400

3 months ago