CVE-2024-39836 — MEDIUM (4.8)

Q: How severe is CVE-2024-39836?

CVE-2024-39836 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-39836?

Check the references section above for vendor advisories and patch information. Affected products include: Mattermost Mattermost.

Vulnerability Description

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged email addresses, created by shared channels, to be used to receive email notifications and to reset passwords, when they are valid, functional emails.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Mattermost	Mattermost	>= 9.5.0, < 9.5.8

Related Weaknesses (CWE)

CWE-693

References

https://mattermost.com/security-updatesVendor Advisory

FAQ

What is CVE-2024-39836?

CVE-2024-39836 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged e...

How severe is CVE-2024-39836?

CVE-2024-39836 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-39836?

Check the references section above for vendor advisories and patch information. Affected products include: Mattermost Mattermost.