CVE-2024-2447

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-2447
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-2447.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-2447
Aliases
Published
2024-04-05T09:15:09Z
Modified
2025-01-15T05:10:45.248862Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated attacker to create posts as other users via a crafted post action.

References

Affected packages

Git / github.com/mattermost/mattermost

Affected ranges

Type
GIT
Repo
https://github.com/mattermost/mattermost
Events
Type
GIT
Repo
https://github.com/mattermost/mattermost-server
Events

Affected versions

@mattermost/client@9.*

@mattermost/client@9.3.0
@mattermost/client@9.4.0

@mattermost/types@9.*

@mattermost/types@9.3.0
@mattermost/types@9.4.0

v9.*

v9.3.0
v9.3.0-rc2
v9.3.1
v9.3.1-rc1
v9.3.1-rc2
v9.3.2
v9.3.2-rc1
v9.4.0
v9.4.0-rc4
v9.4.1
v9.4.2
v9.4.2-rc1
v9.4.2-rc2
v9.4.3
v9.4.3-rc1