CVE-2024-36241

LOW Year: 2024
CVSS v3 Score
3.1
Low
Weakness Type
CWE-284
View all →

Vulnerability Description

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to enforce proper access controls which allows user to view arbitrary post contents via the /playbook add slash command

Related Vulnerabilities

CVE-2015-7490

LOW
CVSS:3.1(Low)

IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows remote authenticated users to bypass intended access restrictions via a ...

CWE-2842015

CVE-2016-2874

LOW
CVSS:3.1(Low)

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

CWE-2842016

CVE-2016-3274

LOW
CVSS:3.1(Low)

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability."

CWE-2842016

CVE-2016-3276

LOW
CVSS:3.1(Low)

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability."

CWE-2842016

CVE-2016-5506

LOW
CVSS:3.1(Low)

Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware allows local users to affect confidentiality and integrity via vectors related to App Server.

CWE-2842016

CVE-2016-8288

LOW
CVSS:3.1(Low)

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.

CWE-2842016