Vulnerability-Lookup

CNVD-2024-13525

Vulnerability from cnvd - Published: 2024-03-14

Title

Mattermost非法授权漏洞

Description

Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost存在非法授权漏洞，该漏洞源于Jira插件处理订阅时无法检查传入问题的安全级别，也无法根据创建订阅的用户对其进行限制，导致Jira上的注册用户能够创建网络钩子来访问所有Jira问题。攻击者可以利用该漏洞进行恶意操作。

Severity

低

Patch Name

Mattermost非法授权漏洞的补丁

Patch Description

Formal description

厂商已提供漏洞修复方案，请关注厂商主页更新： https://mattermost.com/security-updates/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2024-24774

Impacted products

Name
Mattermost Mattermost

Show details on source website

JSON

To clipboard Create KEV Entry

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-24774",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-24774"
    }
  },
  "description": "Mattermost\u662f\u7f8e\u56fdMattermost\u516c\u53f8\u7684\u4e00\u4e2a\u5f00\u6e90\u534f\u4f5c\u5e73\u53f0\u3002\n\nMattermost\u5b58\u5728\u975e\u6cd5\u6388\u6743\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eJira\u63d2\u4ef6\u5904\u7406\u8ba2\u9605\u65f6\u65e0\u6cd5\u68c0\u67e5\u4f20\u5165\u95ee\u9898\u7684\u5b89\u5168\u7ea7\u522b\uff0c\u4e5f\u65e0\u6cd5\u6839\u636e\u521b\u5efa\u8ba2\u9605\u7684\u7528\u6237\u5bf9\u5176\u8fdb\u884c\u9650\u5236\uff0c\u5bfc\u81f4Jira\u4e0a\u7684\u6ce8\u518c\u7528\u6237\u80fd\u591f\u521b\u5efa\u7f51\u7edc\u94a9\u5b50\u6765\u8bbf\u95ee\u6240\u6709Jira\u95ee\u9898\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u6076\u610f\u64cd\u4f5c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://mattermost.com/security-updates/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-13525",
  "openTime": "2024-03-14",
  "patchDescription": "Mattermost\u662f\u7f8e\u56fdMattermost\u516c\u53f8\u7684\u4e00\u4e2a\u5f00\u6e90\u534f\u4f5c\u5e73\u53f0\u3002\r\n\r\nMattermost\u5b58\u5728\u975e\u6cd5\u6388\u6743\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eJira\u63d2\u4ef6\u5904\u7406\u8ba2\u9605\u65f6\u65e0\u6cd5\u68c0\u67e5\u4f20\u5165\u95ee\u9898\u7684\u5b89\u5168\u7ea7\u522b\uff0c\u4e5f\u65e0\u6cd5\u6839\u636e\u521b\u5efa\u8ba2\u9605\u7684\u7528\u6237\u5bf9\u5176\u8fdb\u884c\u9650\u5236\uff0c\u5bfc\u81f4Jira\u4e0a\u7684\u6ce8\u518c\u7528\u6237\u80fd\u591f\u521b\u5efa\u7f51\u7edc\u94a9\u5b50\u6765\u8bbf\u95ee\u6240\u6709Jira\u95ee\u9898\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u6076\u610f\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mattermost\u975e\u6cd5\u6388\u6743\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Mattermost Mattermost"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-24774",
  "serverity": "\u4f4e",
  "submitTime": "2024-03-01",
  "title": "Mattermost\u975e\u6cd5\u6388\u6743\u6f0f\u6d1e"
}

CVE-2024-24774 (GCVE-0-2024-24774)

Vulnerability from cvelistv5 – Published: 2024-02-09 14:46 – Updated: 2024-08-21 15:26

Title

Missing authorization allows users to access arbitrary security levels on Jira through webhooks (Jira Plugin)

Summary

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.

Severity ?

3.4 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N

CWE

CWE-863 - Incorrect Authorization

Assigner

Mattermost

References

URL

Tags

https://mattermost.com/security-updates

Impacted products

	Vendor	Product	Version
	Mattermost	Mattermost	Affected: 0 , ≤ 8.1.7 (semver) Unaffected: 8.1.8

Credits

Michael Kochell

Show details on NVD website

JSON

To clipboard Create KEV Entry

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:28:12.325Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://mattermost.com/security-updates"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-24774",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-21T15:25:20.905486Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-21T15:26:06.746Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "8.1.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "8.1.8"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Michael Kochell"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in\u0026nbsp;registered users on Jira being able to create webhooks that give them access to all Jira issues.\u003c/p\u003e"
            }
          ],
          "value": "Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in\u00a0registered users on Jira being able to create webhooks that give them access to all Jira issues.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-09T14:46:58.777Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUpdate Mattermost Server to versions 8.1.8 or higher. Alternatively, update the Mattermost Jira Plugin to version\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e4.0.1 or higher.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "Update Mattermost Server to versions 8.1.8 or higher. Alternatively, update the Mattermost Jira Plugin to version\u00a04.0.1 or higher.\u00a0\n\n"
        }
      ],
      "source": {
        "advisory": "MMSA-2023-00187",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-44212"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Missing authorization allows users to access arbitrary security levels on Jira through webhooks (Jira Plugin)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2024-24774",
    "datePublished": "2024-02-09T14:46:58.777Z",
    "dateReserved": "2024-01-30T10:23:06.701Z",
    "dateUpdated": "2024-08-21T15:26:06.746Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2024-13525

CVE-2024-24774 (GCVE-0-2024-24774)

Tags

Sightings

Nomenclature