CVE-2024-39832
Published 2024-08-01
CVE-2024-39832: Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly safeguard an error handling which allows a malicious remote…
Priority: P3 · 43 · high
CVSS 3.1: 8.7 (AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H)
EPSS: 0.46% (36.6th percentile)
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly safeguard error handling, which allows a malicious remote to permanently delete local data by abusing dangerous error handling when shared channels were enabled.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 9.5.0+incompatible < 9.5.7+incompatible | 9.5.7+incompatible |
| github.com | mattermost_mattermost-server | >= 9.7.0+incompatible < 9.7.6+incompatible | 9.7.6+incompatible |
| github.com | mattermost_mattermost-server | >= 9.8.0+incompatible < 9.8.2+incompatible | 9.8.2+incompatible |
| github.com | mattermost_mattermost-server | >= 9.9.0+incompatible < 9.9.1+incompatible | 9.9.1+incompatible |
| github.com | mattermost_mattermost_server_v8 | >= 9.5.0 < 9.5.7 | 9.5.7 |
| github.com | mattermost_mattermost_server_v8 | >= 9.7.0 < 9.7.6 | 9.7.6 |
| github.com | mattermost_mattermost_server_v8 | >= 9.8.0 < 9.8.2 | 9.8.2 |
| github.com | mattermost_mattermost_server_v8 | >= 9.9.0 < 9.9.1 | 9.9.1 |
| mattermost | mattermost | — | — |
| mattermost | mattermost | >= 9.5.0 < 9.5.7 | 9.5.7 |
| mattermost | mattermost | 9.5.0 – 9.5.6 | — |
| mattermost | mattermost | >= 9.7.0 < 9.7.6 | 9.7.6 |
| mattermost | mattermost | 9.7.0 – 9.7.5 | — |
| mattermost | mattermost | >= 9.8.0 < 9.8.2 | 9.8.2 |
| mattermost | mattermost | 9.8.0 – 9.8.1 | — |
OSV
Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
osv·2024-08-06
CVE-2024-39832 Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
OSV
Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling
osv·2024-08-01
CVE-2024-39832 [MEDIUM] Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling
GHSA
Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling
ghsa·2024-08-01
CVE-2024-39832 [MEDIUM] CWE-754 Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-08-01