CVE-2024-39777: 
Mattermost vulnerability analysis and mitigation

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, and 9.8.x <= 9.8.1 contain a vulnerability related to shared channels functionality. The vulnerability allows unauthorized exposure of local channels through unsolicited invites when shared channels are enabled (NIST NVD, CVE MITRE).

The vulnerability is classified with a CVSS v3.1 base score of 9.6 (Critical) according to NIST NVD assessment, while Mattermost's own assessment rates it at 8.7 (High). The vulnerability is categorized under CWE-284 (Improper Access Control). The technical nature of the flaw involves a failure to properly validate and control access permissions for channel sharing functionality (NIST NVD).

When exploited, this vulnerability allows a malicious remote actor to force-share existing local channels without the consent of the local administrator. This results in unauthorized access to potentially sensitive channel content and bypasses normal administrative controls (NIST NVD).

Organizations should upgrade to the fixed versions: 9.5.7 or later for the 9.5.x series, 9.7.6 or later for the 9.7.x series, 9.8.2 or later for the 9.8.x series, or newer than 9.9.0 for the 9.9.x series (NIST NVD).