CVE-2024-2447

MEDIUM

Mattermost <8.1.11-9.5.2 - Privilege Escalation

Title source: llm

Description

Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated attacker to create posts as other users via a crafted post action.

References (1)

[Vendor Advisory] https://mattermost.com/security-updates

Scores

CVSS v3 6.5

EPSS 0.0014

EPSS Percentile 34.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-284 CWE-346

Status published

Affected Products (2)

mattermost/mattermost_server < 8.1.11

mattermost/mattermost < 8.1.11Go

Timeline

Published Apr 05, 2024

Tracked Since Feb 18, 2026