Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13cDQzLXZwcmgtYzN3Nc4AA6qC
Mattermost fails to authenticate the source of certain types of post actions
Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated attacker to create posts as other users via a crafted post action.
Permalink: https://github.com/advisories/GHSA-wp43-vprh-c3w5JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13cDQzLXZwcmgtYzN3Nc4AA6qC
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 28 days ago
Updated: 28 days ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Identifiers: GHSA-wp43-vprh-c3w5, CVE-2024-2447
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-2447
- https://mattermost.com/security-updates
- https://github.com/advisories/GHSA-wp43-vprh-c3w5
Affected Packages
go:github.com/mattermost/mattermost/server/v8
Dependent packages: 2Dependent repositories: 1
Downloads:
Affected Version Ranges: >= 9.3.0, < 9.3.3, >= 9.4.0, < 9.4.4, >= 9.5.0, < 9.5.2, >= 8.1.0, < 8.1.11
Fixed in: 9.3.3, 9.4.4, 9.5.2, 8.1.11
All affected versions:
All unaffected versions: