CVSS: 7.4 | EPSS: 0% | CPEs: 4 | EXPL: 0
CVE-2024-36492 – Existing local user overwritten by malicious remote
https://notcve.org/view.php?id=CVE-2024-36492
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow the modification of local users when syncing users in shared channels, which allows a malicious remote to overwrite an existing local user. • https://mattermost.com/security-updates • CWE-284: Improper Access Control
CVSS: 2.7 | EPSS: 0% | CPEs: 2 | EXPL: 0
CVE-2024-29977 – Malicious remote can create arbitrary reactions on arbitrary posts
https://notcve.org/view.php?id=CVE-2024-29977
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts. • https://mattermost.com/security-updates • CWE-284: Improper Access Control