CVE | CVE-2024-4198 |
CVE Title | |
Published Date | 2024-04-26T09:15Z |
Modified Date | 2024-04-26T12:58Z |
Description | Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests. |
References | |
By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites. | |
Reference URL | https://mattermost.com/security-updates |
Reference Description | https://mattermost.com/security-updates |
Reference Description | |
Sources | NIST MITRE |
Note
- No CVSS data for this CVE