cbcvebase.
CVE-2024-39832
published 2024-08-01

CVE-2024-39832: Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly safeguard an error handling which allows a malicious remote…

PriorityP343high8.7CVSS 3.1
AVNACLPRHUINSCCNIHAH
EPSS
0.46%
36.6th percentile
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly safeguard an error handling which allows a malicious remote to permanently delete local data by abusing dangerous error handling, when share channels were enabled.

Affected

15 ranges
VendorProductVersion rangeFixed in
github.commattermost_mattermost-server>= 9.5.0+incompatible < 9.5.7+incompatible9.5.7+incompatible
github.commattermost_mattermost-server>= 9.7.0+incompatible < 9.7.6+incompatible9.7.6+incompatible
github.commattermost_mattermost-server>= 9.8.0+incompatible < 9.8.2+incompatible9.8.2+incompatible
github.commattermost_mattermost-server>= 9.9.0+incompatible < 9.9.1+incompatible9.9.1+incompatible
github.commattermost_mattermost_server_v8>= 9.5.0 < 9.5.79.5.7
github.commattermost_mattermost_server_v8>= 9.7.0 < 9.7.69.7.6
github.commattermost_mattermost_server_v8>= 9.8.0 < 9.8.29.8.2
github.commattermost_mattermost_server_v8>= 9.9.0 < 9.9.19.9.1
mattermostmattermost
mattermostmattermost>= 9.5.0 < 9.5.79.5.7
mattermostmattermost9.5.0 – 9.5.6
mattermostmattermost>= 9.7.0 < 9.7.69.7.6
mattermostmattermost9.7.0 – 9.7.5
mattermostmattermost>= 9.8.0 < 9.8.29.8.2
mattermostmattermost9.8.0 – 9.8.1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.