← Back to CVE List

CVE-2024-4198

Published: 2024-04-26T09:15Z
Last Modified: 2024-11-21T09:42Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt