CVE-2024-29221 (GCVE-0-2024-29221)

Vulnerability from cvelistv5 – Published: 2024-04-05 08:15 – Updated: 2024-08-02 01:10
VLAI?
Title
Invite ID available to team admins even without the "Add Members" permission
Summary
Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint allowing a team admin to get the invite ID of their team, thus allowing them to invite users, even if the "Add Members" permission was explicitly removed from team admins.
Severity ?
4.7 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CWE
  • CWE-284 - Improper Access Control
Assigner
References
Impacted products
Vendor Product Version
Mattermost Mattermost Affected: 9.5.0 , ≤ 9.5.1 (semver)
Affected: 9.4.0 , ≤ 9.4.3 (semver)
Affected: 9.3.0 , ≤ 9.3.2 (semver)
Affected: 8.1.0 , ≤ 8.1.10 (semver)
Unaffected: 9.6.0
Unaffected: 9.5.2
Unaffected: 9.4.4
Unaffected: 9.3.3
Unaffected: 8.1.11
Create a notification for this product.
Credits
omar ahmed (omar-ahmed)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29221",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-09T17:16:33.172848Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:57:08.139Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:10:54.523Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://mattermost.com/security-updates"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "9.5.1",
              "status": "affected",
              "version": "9.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.4.3",
              "status": "affected",
              "version": "9.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.3.2",
              "status": "affected",
              "version": "9.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.10",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "9.6.0"
            },
            {
              "status": "unaffected",
              "version": "9.5.2"
            },
            {
              "status": "unaffected",
              "version": "9.4.4"
            },
            {
              "status": "unaffected",
              "version": "9.3.3"
            },
            {
              "status": "unaffected",
              "version": "8.1.11"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "omar ahmed (omar-ahmed)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint\u0026nbsp;allowing\u0026nbsp;a team admin to get the invite ID of their team, thus allowing them to invite users, even if the \"Add Members\" permission was explicitly removed from team admins. \u003c/p\u003e"
            }
          ],
          "value": "Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint\u00a0allowing\u00a0a team admin to get the invite ID of their team, thus allowing them to invite users, even if the \"Add Members\" permission was explicitly removed from team admins. \n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-05T08:15:07.130Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUpdate Mattermost Server to versions 9.6.0, 9.5.2, 9.4.4, 9.3.3, 8.1.11 or higher.\u003c/p\u003e"
            }
          ],
          "value": "Update Mattermost Server to versions 9.6.0, 9.5.2, 9.4.4, 9.3.3, 8.1.11 or higher.\n\n"
        }
      ],
      "source": {
        "advisory": "MMSA-2024-00311",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-56821"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Invite ID available to team admins even without the \"Add Members\" permission",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2024-29221",
    "datePublished": "2024-04-05T08:15:07.130Z",
    "dateReserved": "2024-04-03T10:03:48.289Z",
    "dateUpdated": "2024-08-02T01:10:54.523Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.1.0\", \"versionEndExcluding\": \"8.1.11\", \"matchCriteriaId\": \"66FEDCF9-277A-4D60-8A28-948068A10F91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.3.0\", \"versionEndExcluding\": \"9.3.3\", \"matchCriteriaId\": \"B4A105B6-CFF8-4FF0-A70D-F3C390AE0FAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.4.0\", \"versionEndExcluding\": \"9.4.4\", \"matchCriteriaId\": \"600DCF59-6535-484C-9DDC-E33834B90B25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.5.0\", \"versionEndExcluding\": \"9.5.2\", \"matchCriteriaId\": \"7A768D77-9FF0-4C1B-81B0-AD2187832E62\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint\\u00a0allowing\\u00a0a team admin to get the invite ID of their team, thus allowing them to invite users, even if the \\\"Add Members\\\" permission was explicitly removed from team admins. \\n\\n\"}, {\"lang\": \"es\", \"value\": \"Control de acceso inadecuado en las versiones de Mattermost Server 9.5.x anteriores a 9.5.2, 9.4.x anteriores a 9.4.4, 9.3.x anteriores a 9.3.3, 8.1.x anteriores a 8.1.11 carec\\u00edan de control de acceso adecuado en el endpoint `/api/v4/users/me/teams` que permite a un administrador de equipo obtener el ID de invitaci\\u00f3n de su equipo, lo que les permite invitar a usuarios, incluso si el permiso \\\"Agregar miembros\\\" se elimin\\u00f3 expl\\u00edcitamente de los administradores de equipo.\"}]",
      "id": "CVE-2024-29221",
      "lastModified": "2024-12-13T16:21:08.447",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"responsibledisclosure@mattermost.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 4.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 3.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 3.8, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 2.5}]}",
      "published": "2024-04-05T09:15:09.680",
      "references": "[{\"url\": \"https://mattermost.com/security-updates\", \"source\": \"responsibledisclosure@mattermost.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://mattermost.com/security-updates\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "responsibledisclosure@mattermost.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"responsibledisclosure@mattermost.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-29221\",\"sourceIdentifier\":\"responsibledisclosure@mattermost.com\",\"published\":\"2024-04-05T09:15:09.680\",\"lastModified\":\"2024-12-13T16:21:08.447\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint\u00a0allowing\u00a0a team admin to get the invite ID of their team, thus allowing them to invite users, even if the \\\"Add Members\\\" permission was explicitly removed from team admins. \\n\\n\"},{\"lang\":\"es\",\"value\":\"Control de acceso inadecuado en las versiones de Mattermost Server 9.5.x anteriores a 9.5.2, 9.4.x anteriores a 9.4.4, 9.3.x anteriores a 9.3.3, 8.1.x anteriores a 8.1.11 carec\u00edan de control de acceso adecuado en el endpoint `/api/v4/users/me/teams` que permite a un administrador de equipo obtener el ID de invitaci\u00f3n de su equipo, lo que les permite invitar a usuarios, incluso si el permiso \\\"Agregar miembros\\\" se elimin\u00f3 expl\u00edcitamente de los administradores de equipo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"responsibledisclosure@mattermost.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.2,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":3.8,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"responsibledisclosure@mattermost.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.1.0\",\"versionEndExcluding\":\"8.1.11\",\"matchCriteriaId\":\"66FEDCF9-277A-4D60-8A28-948068A10F91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.3.0\",\"versionEndExcluding\":\"9.3.3\",\"matchCriteriaId\":\"B4A105B6-CFF8-4FF0-A70D-F3C390AE0FAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.4.0\",\"versionEndExcluding\":\"9.4.4\",\"matchCriteriaId\":\"600DCF59-6535-484C-9DDC-E33834B90B25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.5.0\",\"versionEndExcluding\":\"9.5.2\",\"matchCriteriaId\":\"7A768D77-9FF0-4C1B-81B0-AD2187832E62\"}]}]}],\"references\":[{\"url\":\"https://mattermost.com/security-updates\",\"source\":\"responsibledisclosure@mattermost.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://mattermost.com/security-updates\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://mattermost.com/security-updates\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:10:54.523Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-29221\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-09T17:16:33.172848Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T19:01:22.716Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"Invite ID available to team admins even without the \\\"Add Members\\\" permission\", \"source\": {\"defect\": [\"https://mattermost.atlassian.net/browse/MM-56821\"], \"advisory\": \"MMSA-2024-00311\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"omar ahmed (omar-ahmed)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Mattermost\", \"product\": \"Mattermost\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.5.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.5.1\"}, {\"status\": \"affected\", \"version\": \"9.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.4.3\"}, {\"status\": \"affected\", \"version\": \"9.3.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.3.2\"}, {\"status\": \"affected\", \"version\": \"8.1.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.1.10\"}, {\"status\": \"unaffected\", \"version\": \"9.6.0\"}, {\"status\": \"unaffected\", \"version\": \"9.5.2\"}, {\"status\": \"unaffected\", \"version\": \"9.4.4\"}, {\"status\": \"unaffected\", \"version\": \"9.3.3\"}, {\"status\": \"unaffected\", \"version\": \"8.1.11\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update Mattermost Server to versions 9.6.0, 9.5.2, 9.4.4, 9.3.3, 8.1.11 or higher.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eUpdate Mattermost Server to versions 9.6.0, 9.5.2, 9.4.4, 9.3.3, 8.1.11 or higher.\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://mattermost.com/security-updates\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint\\u00a0allowing\\u00a0a team admin to get the invite ID of their team, thus allowing them to invite users, even if the \\\"Add Members\\\" permission was explicitly removed from team admins. \\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eImproper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint\u0026nbsp;allowing\u0026nbsp;a team admin to get the invite ID of their team, thus allowing them to invite users, even if the \\\"Add Members\\\" permission was explicitly removed from team admins. \u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284: Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"9302f53e-dde5-4bf3-b2f2-a83f91ac0eee\", \"shortName\": \"Mattermost\", \"dateUpdated\": \"2024-04-05T08:15:07.130Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-29221\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T01:10:54.523Z\", \"dateReserved\": \"2024-04-03T10:03:48.289Z\", \"assignerOrgId\": \"9302f53e-dde5-4bf3-b2f2-a83f91ac0eee\", \"datePublished\": \"2024-04-05T08:15:07.130Z\", \"assignerShortName\": \"Mattermost\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.