Vulnerability CVE-2024-39274
Published: 2024-08-01

Description:
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels

 References:
https://mattermost.com/security-updates
Copyright 2026, cxsecurity.com

 

Back to Top