PT-2024-20411 · Mattermost · Mattermost

Juho Nurminen · Published 2024-04-05 · Updated 2024-12-16 · CVE-2024-2447

CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

- Mattermost versions 8.1.x through 8.1.10
- Mattermost versions 9.3.x through 9.3.2
- Mattermost versions 9.4.x through 9.4.3
- Mattermost versions 9.5.x through 9.5.1
Description

Mattermost fails to authenticate the source of certain types of post actions. An authenticated attacker can therefore submit a crafted post action and create posts as other users.
Recommendations

- For versions 8.1.x through 8.1.10, update to version 8.1.11 or later.
- For versions 9.3.x through 9.3.2, update to version 9.3.3 or later.
- For versions 9.4.x through 9.4.3, update to version 9.4.4 or later.
- For versions 9.5.x through 9.5.1, update to version 9.5.2 or later.

Fix

Weakness Enumeration

- Improper Access Control
- Origin Validation Error

Related Identifiers

- BIT-MATTERMOST-2024-2447
- CVE-2024-2447
- GHSA-WP43-VPRH-C3W5
- GO-2024-2696

Affected Products

- Mattermost