Lucene search
HistoryApr 05, 2024 - 9:15 a.m.
CVE-2024-2447
vulnerability
mattermost
authentication bypass
impersonation
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0
Percentile
9.0%
Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated attacker to create posts as other users via a crafted post action.
References
Related
osv
osv
cvelist
cvelist
CVE-2024-2447
2024-04-05 08:52:59
github
github
Mattermost fails to authenticate the source of certain types of post actions
2024-04-05 09:30:39
veracode
veracode
Improper Access Control
2024-04-08 07:15:21
vulnrichment
vulnrichment
CVE-2024-2447
2024-04-05 08:52:59
cve
cve
CVE-2024-2447
2024-04-05 09:15:09
nessus
nessus
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2024-2447