{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T17:09:01.645","vulnerabilities":[{"cve":{"id":"CVE-2024-39274","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2024-08-01T15:15:12.150","lastModified":"2024-08-23T14:39:29.247","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels"},{"lang":"es","value":"Las versiones de Mattermost 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 y 9.8.x <= 9.8.1 no validan correctamente que el canal que proviene del mensaje de sincronización sea un canal compartido, cuando los canales compartidos están habilitados, lo que permite que un remoto malicioso agregue usuarios a equipos y canales arbitrarios"}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*","versionStartIncluding":"9.5.0","versionEndExcluding":"9.5.7","matchCriteriaId":"0942D308-9462-4C2A-A9FE-838EB5842E02"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*","versionStartIncluding":"9.7.0","versionEndExcluding":"9.7.6","matchCriteriaId":"642355DC-0EF1-4631-89D0-694AB7C9EF78"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*","versionStartIncluding":"9.8.0","versionEndExcluding":"9.8.2","matchCriteriaId":"00E80458-F38E-46EB-98FD-1CADD3FCE335"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost:9.9.0:*:*:*:*:*:*:*","matchCriteriaId":"DA215755-4D08-4B4D-9736-DAF54D2F0B9C"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}}]}