CVE-2024-39777

CRITICAL Year: 2024
CVSS v3 Score
9.6
Critical
Weakness Type
CWE-284
View all →

Vulnerability Description

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which allows a malicious remote to send an invite with the ID of an existing local channel, and that local channel will then become shared without the consent of the local admin.

Related Vulnerabilities

CVE-2016-5556

CRITICAL
CVSS:9.6(Critical)

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.

CWE-2842016

CVE-2016-5568

CRITICAL
CVSS:9.6(Critical)

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.

CWE-2842016

CVE-2016-5580

CRITICAL
CVSS:9.6(Critical)

Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through W...

CWE-2842016

CVE-2016-5582

CRITICAL
CVSS:9.6(Critical)

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspo...

CWE-2842016

CVE-2022-26346

CRITICAL
CVSS:9.6(Critical)

A denial of service vulnerability exists in the ucloud_del_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker ...

CWE-2842022

CVE-2022-27178

CRITICAL
CVSS:9.6(Critical)

A denial of service vulnerability exists in the confctl_set_wan_cfg functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attac...

CWE-2842022