CVE-2024-2447

MEDIUM

Mattermost <8.1.11-9.5.2 - Privilege Escalation

Title source: llm

Description

Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated attacker to create posts as other users via a crafted post action.

References (1)

[Vendor Advisory] https://mattermost.com/security-updates

Scores

CVSS v3 6.5

EPSS 0.0014

EPSS Percentile 34.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-284 CWE-346

Status published

Products (2)

mattermost/mattermost 8.1.0 - 8.1.11Go

mattermost/mattermost_server 8.1.0 - 8.1.11

Published Apr 05, 2024

Tracked Since Feb 18, 2026