
5 matches found

Github Security Blog
added 2025/12/17 3:34 p.m. | 7 views

Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection

Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions <= 2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

CVSS 3 | AI score 7 | EPSS 0.00053
Exploits 0 | References 5 | Affected Software 3
RedhatCVE
added 2025/05/23 10:12 a.m. | 5 views

CVE-2024-29977

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts...

CVSS 4.3 | AI score 7 | EPSS 0.00155
Exploits 0 | References 1
Tenable Nessus
added 2024/08/09 12:0 a.m. | 17 views

Mattermost Server 9.0.x < 9.9.1 / 9.10.0 / 9.5.x < 9.5.7 (MMSA-2024-00356)

The version of Mattermost Server installed on the remote host is prior to 9.5.7 or 9.9.1 / 9.10.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00356 advisory. - Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when share...

CVSS 4.3 | AI score 5.8 | EPSS 0.00155
Exploits 0 | References 2
NVD
added 2024/08/01 3:15 p.m. | 14 views

CVE-2024-29977

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts...

CVSS 4.3 | EPSS 0.00155
Exploits 0 | References 1
Cvelist
added 2024/08/01 2:5 p.m. | 18 views

CVE-2024-29977 Malicious remote can create arbitrary reactions on arbitrary posts

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts...

CVSS 2.7 | EPSS 0.00155
Exploits 0 | References 1