Vulnerabilities > CVE-2024-21848 - Improper Check for Dropped Privileges vulnerability in Mattermost Server

CVSS 3.1 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

high complexity

mattermost

CWE-273

NVD

Published: 2024-04-05

Updated: 2024-12-13

Summary

Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel

Vulnerable Configurations

Part	Description	Count
Application	Mattermost Mattermost Mattermost Server 8.1.0 Mattermost Mattermost Server 8.1.1 Mattermost Mattermost Server 8.1.3 Mattermost Mattermost Server 8.1.4 Mattermost Mattermost Server 8.1.5 Mattermost Mattermost Server 8.1.6 Mattermost Mattermost Server 8.1.7 Mattermost Mattermost Server 8.1.8 Mattermost Mattermost Server 8.1.9	17

Common Weakness Enumeration (CWE)

CWE-273 - Improper Check for Dropped Privileges

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References