CVE-2024-21848 · CVEKit

cve.orgen

211 chars

Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel

NVDen

211 chars

Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel

OSV.deven

450 chars

Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/mattermost/mattermost/server/v8 before v8.1.11.

GHSAen

209 chars

Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel

NVDes

236 chars

El control de acceso inadecuado en las versiones 8.1.x anteriores a 8.1.11 de Mattermost Server permite que un atacante que se encuentra en un canal con una llamada activa siga participando en la llamada incluso si se elimina del canal.

CVSS metrics across sources

5

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	3.1	1.6	1.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
3.1	Primary	cve.org	3.1	—	—	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N