CVE-2024-8071

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Aug 22, 2024
Updated: Aug 23, 2024
CWE ID 284

Summary

CVE-2024-8071 affects Mattermost versions 9.9.x up to 9.9.1, 9.5.x up to 9.5.7, 9.10.x up to 9.10.0, and 9.8.x up to 9.8.2. Improper access control allows a user with system edit permissions to promote themselves to system admin by acquiring the manage_system permission. The vulnerability poses a high risk because it can enable unauthorized users to gain significant control over the system, potentially compromising sensitive data and operations within an organization.

Exploitation requires high privileges. The base severity score is 7.2, indicating a substantial threat level due to the potential impact on integrity and confidentiality within the network environment.

To remediate this issue, affected users should upgrade to the latest versions of Mattermost that address this vulnerability, as outlined in the Mattermost security updates advisory. While performing the updates, organizations are advised to monitor for any unauthorized role changes and implement stricter access controls.
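To triage an inventory against the affected ranges listed in the summary, the following added example (not code from Mattermost or from this advisory) classifies version strings by branch. It assumes "up to" is inclusive, and the hostnames and inventory are constructed; anything it cannot parse is marked for manual review rather than guessed.

```python
import re

# Highest affected patch release per 9.x branch, taken from the summary above.
# Assumption: "up to" is inclusive, so 9.9.1 itself counts as affected.
AFFECTED_MAX_PATCH = {(9, 5): 7, (9, 8): 2, (9, 9): 1, (9, 10): 0}

# Accept only plain MAJOR.MINOR.PATCH (optional leading "v"). Pre-release or
# build suffixes are rejected so they are reviewed by hand, not guessed at.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if not a plain release."""
    match = _VERSION_RE.match(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Return 'affected', 'not-listed' or 'unparseable' for one version string."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unparseable"
    major, minor, patch = parsed
    max_patch = AFFECTED_MAX_PATCH.get((major, minor))
    # Compare integers, not strings: "9.10.0" sorts before "9.9.1" lexically,
    # which would misplace the 9.10 branch in a naive string comparison.
    if max_patch is not None and patch <= max_patch:
        return "affected"
    # 'not-listed' only means the summary does not name this version.
    return "not-listed"


def triage(inventory):
    """Map host -> status for a {host: version} inventory."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "chat-prod": "9.9.1",
    "chat-stage": "9.10.0",
    "chat-dev": "v9.5.8",
    "chat-lab": "9.8.2-rc1",
    "chat-old": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

A "not-listed" result is not a statement that the version is fixed; confirm against the vendor advisory before closing the finding.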
