CVE-2024-2447
published 2024-04-05
medium 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated attacker to create posts as other users via a crafted post action.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 9.3.0+incompatible < 9.3.3+incompatible | 9.3.3+incompatible |
| github.com | mattermost_mattermost-server | >= 9.4.0+incompatible < 9.4.4+incompatible | 9.4.4+incompatible |
| github.com | mattermost_mattermost-server | >= 9.5.0+incompatible < 9.5.2+incompatible | 9.5.2+incompatible |
| github.com | mattermost_mattermost_server_v8 | >= 8.1.0 < 8.1.11 | 8.1.11 |
| github.com | mattermost_mattermost_server_v8 | >= 9.3.0 < 9.3.3 | 9.3.3 |
| github.com | mattermost_mattermost_server_v8 | >= 9.4.0 < 9.4.4 | 9.4.4 |
| github.com | mattermost_mattermost_server_v8 | >= 9.5.0 < 9.5.2 | 9.5.2 |
| mattermost | mattermost | 8.1.0 – 8.1.10 | — |
| mattermost | mattermost | 9.3.0 – 9.3.2 | — |
| mattermost | mattermost | 9.4.0 – 9.4.3 | — |
| mattermost | mattermost | 9.5.0 – 9.5.1 | — |
| mattermost | mattermost_server | >= 8.1.0 < 8.1.11 | 8.1.11 |
| mattermost | mattermost_server | >= 9.3.0 < 9.3.3 | 9.3.3 |
| mattermost | mattermost_server | >= 9.4.0 < 9.4.4 | 9.4.4 |
| mattermost | mattermost_server | >= 9.5.0 < 9.5.2 | 9.5.2 |