CVE-2024-29221

LOW Year: 2024
CVSS v3 Score
3.8
Low
Weakness Type
CWE-284
View all →

Vulnerability Description

Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint allowing a team admin to get the invite ID of their team, thus allowing them to invite users, even if the "Add Members" permission was explicitly removed from team admins.

Related Vulnerabilities

CVE-2017-18384

LOW
CVSS:3.8(Low)

cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).

CWE-2842017

CVE-2023-27303

LOW
CVSS:3.8(Low)

Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.

CWE-2842023

CVE-2024-21247

LOW
CVSS:3.8(Low)

Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploit...

CWE-2842024

CVE-2013-2423

LOW
CVSS:3.7(Low)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors rela...

CWE-2842013

CVE-2016-0208

LOW
CVSS:3.7(Low)

IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors.

CWE-2842016

CVE-2016-2960

LOW
CVSS:3.7(Low)

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 ...

CWE-2842016