Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-4198

Опубликовано: 26 апр. 2024
Источник: debian

Описание

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
mattermost-serveritppackage

Связанные уязвимости

redhat логотип

CVE-2024-4198

CVSS3: 2.7
redhat
почти 2 года назад

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests.

nvd логотип

CVE-2024-4198

CVSS3: 2.7
nvd
почти 2 года назад

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests.

github логотип

GHSA-5qx9-9ffj-5r8f

CVSS3: 2.7
github
почти 2 года назад

Mattermost fails to fully validate role changes