CVE-2024-29221 | Mattermost Server up to 8.1.10/9.3.2/9.4.3/9.5.1/9.6.0 Add Member /api/v4/users/me/teams access control

Posted by Angelo Barbosa | Apr 5, 2024 | CVE

A vulnerability has been found in Mattermost Server up to 8.1.10/9.3.2/9.4.3/9.5.1/9.6.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/v4/users/me/teams of the component Add Member Handler. The manipulation leads to improper access controls.

This vulnerability is known as CVE-2024-29221. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-29221 | Mattermost Server up to 8.1.10/9.3.2/9.4.3/9.5.1/9.6.0 Add Member /api/v4/users/me/teams access control

Related Posts

CVE-2024-0610 | Piraeus Bank WooCommerce Payment Gateway up to 1.6.5.1 on WordPress sql injection

CVE-2024-5587 | Casdoor up to 1.335.0 Configuration File /conf/app.conf file access (cve-casdoor)

CVE-2024-6940 | DedeCMS 5.7.114 article_template_rand.php code injection

CVE-2024-4351 | Tutor LMS Pro Plugin up to 2.7.0 on WordPress authorization