Security Advisory

CVE-2024-4198

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-04-26 08:26:11

Last updated 2024-08-01 20:33:52

Assigner Mattermost

State PUBLISHED

Description

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests.

← Browse all CVEs View on cve.org ↗