CVE-2024-32045

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published May 26, 2024

Updated: May 28, 2024

CWE ID 284

Summary

CVE-2024-32045 is a vulnerability affecting Mattermost versions 9.5.x up to 9.5.3, 9.6.x up to 9.6.1, and 8.1.x up to 8.1.12. The issue lies in the failure to implement proper access controls when linking a playbook run to a channel. As a result, members can join and access private channels they were not authorized to be part of by linking their runs to these channels. This vulnerability poses a significant risk to the confidentiality and integrity of information shared within private channels.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wEyv0B
https://www.cve.org/CVERecord?id=CVE-2024-32045
https://nvd.nist.gov/vuln/detail/CVE-2024-32045

Back to Vulnerability Database

CVE-2024-32045

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations