CVE-2024-12247

MEDIUM Year: 2024
CVSS v3 Score
4.6
Medium
Weakness Type
CWE-863
View all →

Vulnerability Description

Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if the permission scheme has been updated.

Related Vulnerabilities

CVE-2017-16778

MEDIUM
CVSS:4.6(Medium)

An access control weakness in the DTMF tone receiver of Fermax Outdoor Panel allows physical attackers to inject a Dual-Tone-Multi-Frequency (DTMF) tone to invoke an access grant that would allow phys...

CWE-8632017

CVE-2018-7926

MEDIUM
CVSS:4.6(Medium)

Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtaine...

CWE-8632018

CVE-2018-7988

MEDIUM
CVSS:4.6(Medium)

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone t...

CWE-8632018

CVE-2019-5220

MEDIUM
CVSS:4.6(Medium)

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step ...

CWE-8632019

CVE-2019-5231

MEDIUM
CVSS:4.6(Medium)

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts...

CWE-8632019

CVE-2020-0473

MEDIUM
CVSS:4.6(Medium)

In updateIncomingFileConfirmNotification of BluetoothOppNotification.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing an attacker with physical p...

CWE-8632020