Vulnerability Database
296,213
Total vulnerabilities in the database
CVE-2024-4198
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests.
| Software | From | Fixed in |
|---|---|---|
github.com/mattermost/mattermost-server
|
9.6.0-rc1 | 9.6.1 |
|
github.com/mattermost/mattermost-server
|
9.5.0 | 9.5.3 |
|
github.com/mattermost/mattermost-server
|
8.1.0 | 8.1.12 |
| mattermost / mattermost_server | 8.1.0 | 8.1.12 |
| mattermost / mattermost_server | 9.5.0 | 9.5.3 |
| mattermost / mattermost_server | 9.6.0 | 9.6.0.x |
| mattermost / mattermost_server | 9.6.0-rc1 | 9.6.0-rc1.x |
| mattermost / mattermost_server | 9.6.0-rc2 | 9.6.0-rc2.x |
| mattermost / mattermost_server | 9.6.0-rc3 | 9.6.0-rc3.x |
- https://github.com/mattermost/mattermost/commit/3d6d8a7c1f7105558fe266a1b379859a4dba4e9b
- https://github.com/mattermost/mattermost/commit/408ce4a82bb55ce27801f7044d9b3b49e82c47ed
- https://github.com/mattermost/mattermost/commit/fba5b8e348feada9b21290369c3598ccd5c04424
- https://mattermost.com/security-updates