Home > Vulnerability Database > CVE-2024-39836

Mend.io Vulnerability Database

CVE-2024-39836

Good to know:

Date: August 22, 2024

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged email addresses, created by shared channels, to be used to receive email notifications and to reset passwords, when they are valid, functional emails.

Language: Go

Severity Score

4.8

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-39836

Url: https://github.com/mattermost/mattermost

Url: https://github.com/advisories/GHSA-c6vp-jjgv-38wj

Url: https://mattermost.com/security-updates

Url: https://www.mend.io/vulnerability-database/CVE-2024-39836

Severity Score

4.8

Weakness Type (CWE)

Protection Mechanism Failure

CWE-693

Top Fix

Upgrade Version

Upgrade to version github.com/mattermost/mattermost-server - v9.5.8+incompatible

Learn More

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-39836

Good to know:

Date: August 22, 2024

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?