CVE-2024-40884
CVSS 3.1 Score 2.7 of 10 (low)
Details
Summary
CVE-2024-40884 affects Mattermost versions 9.5.x up to 9.5.7 and 9.10.x up to 9.10.0, where improper permission enforcement allows team admins without the "Add Team Members" permission to disable the invite URL feature. The vulnerability is rated low severity, with an exploitability score of 1.2; exploitation requires high privileges and is possible over a network without user interaction. Organizations using these versions are at risk of unauthorized changes to team member invitations, potentially disrupting team collaboration and increasing administrative overhead. To remediate this issue, update Mattermost installations to the latest version, as recommended in the security updates on Mattermost's official site. For more information on mitigation steps, refer to the Mattermost security updates page linked in the references.