Количество 3
Количество 3
CVE-2024-29221
Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint allowing a team admin to get the invite ID of their team, thus allowing them to invite users, even if the "Add Members" permission was explicitly removed from team admins.
CVE-2024-29221
Improper Access Control in Mattermost Server versions 9.5.x before 9.5 ...
GHSA-w67v-ph4x-f48q
Mattermost Server Improper Access Control
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-29221 Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint allowing a team admin to get the invite ID of their team, thus allowing them to invite users, even if the "Add Members" permission was explicitly removed from team admins. | CVSS3: 4.7 | 0% Низкий | почти 2 года назад |
| CVE-2024-29221 Improper Access Control in Mattermost Server versions 9.5.x before 9.5 ... | CVSS3: 4.7 | 0% Низкий | почти 2 года назад |
| GHSA-w67v-ph4x-f48q Mattermost Server Improper Access Control | CVSS3: 4.7 | 0% Низкий | почти 2 года назад |
Уязвимостей на страницу