CVE-2024-43813
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-43813 identifies a vulnerability in Mattermost versions 9.5.x up to 9.5.7 and 9.10.x up to 9.10.0, which fail to implement proper access controls, allowing authenticated users, including guests, to mark any channel within any team as read for other users. The vulnerability poses a medium-level risk with an exploitability score of 2.8, as it requires low privileges, needs no user interaction, and is accessible over the network. Affected products include various instances of Mattermost identified by specific version labels like x_5wcr and w5LGsA through w5LGsP. Organizations are advised to remediate this issue by upgrading to the latest versions of Mattermost that address this access control flaw. Failure to address this could enable unauthorized visibility into team communications, potentially compromising information integrity within the organization.