Количество 3
Количество 3
CVE-2024-41926
Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote.
CVE-2024-41926
Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate ...
GHSA-9fpw-c9x7-cv3j
Mattermost allows remote actor to set arbitrary RemoteId values for synced users
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-41926 Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote. | CVSS3: 2.7 | 0% Низкий | больше 1 года назад |
| CVE-2024-41926 Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate ... | CVSS3: 2.7 | 0% Низкий | больше 1 года назад |
| GHSA-9fpw-c9x7-cv3j Mattermost allows remote actor to set arbitrary RemoteId values for synced users | CVSS3: 2.7 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу