Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests.
References
Link | Resource |
---|---|
https://mattermost.com/security-updates |
Configurations
No configuration.
History
26 Apr 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-26 09:15
Updated : 2024-04-26 12:58
NVD link : CVE-2024-4198
Mitre link : CVE-2024-4198
CVE.ORG link : CVE-2024-4198
JSON object : View
Products Affected
No product.
CWE
CWE-284
Improper Access Control