CVE-2024-4198
published 2024-04-26CVE-2024-4198: Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin…
low2.7CVSS 3.1
AVNACLPRHUINSUCNILAN
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 8.1.0 < 8.1.12 | 8.1.12 |
| github.com | mattermost_mattermost-server | >= 8.1.0+incompatible < 8.1.12+incompatible | 8.1.12+incompatible |
| github.com | mattermost_mattermost-server | >= 9.5.0 < 9.5.3 | 9.5.3 |
| github.com | mattermost_mattermost-server | >= 9.5.0+incompatible < 9.5.3+incompatible | 9.5.3+incompatible |
| github.com | mattermost_mattermost-server | >= 9.6.0-rc1 < 9.6.1 | 9.6.1 |
| github.com | mattermost_mattermost-server | >= 9.6.0-rc1+incompatible < 9.6.1+incompatible | 9.6.1+incompatible |
| mattermost | mattermost | — | — |
| mattermost | mattermost | 8.1.0 – 8.1.11 | — |
| mattermost | mattermost | 9.5.0 – 9.5.2 | — |
| mattermost | mattermost_server | — | — |
| mattermost | mattermost_server | >= 8.1.0 < 8.1.12 | 8.1.12 |
| mattermost | mattermost_server | >= 9.5.0 < 9.5.3 | 9.5.3 |