Mattermost fails to authenticate the source of certain types of post actions

GHSA-wp43-vprh-c3w5 · BIT-mattermost-2024-2447 · CVE-2024-2447 · GO-2024-2696

Published Apr 5, 2024 · Modified Dec 16, 2024

Description

Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated attacker to create posts as other users via a crafted post action.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-2447
WEB https://mattermost.com/security-updates
PACKAGE mattermost/mattermost

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes