CVE-2024-12247

Summary

Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if the permission scheme has been updated.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost9.7.0 <= 9.7.5affected
MattermostMattermost9.8.0 <= 9.8.2affected
MattermostMattermost9.9.0 <= 9.9.2affected
MattermostMattermost10.0.0unaffected
MattermostMattermost9.7.6unaffected
MattermostMattermost9.8.3unaffected
MattermostMattermost9.9.3unaffected

Weaknesses

  • CWE-863: CWE-863: Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References