/
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2024-50052

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-50052

CGA ID

CGA-qjqf-v5gx-56r2

Severity

4.3

Medium

CVSS V3

Summary

Mattermost server allows authenticated user to delete arbitrary post

Description

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an authenticated user to delete an arbitrary post.

References

  • https://images.chainguard.dev/security/CGA-qjqf-v5gx-56r2
  • https://github.com/advisories/GHSA-g376-m3h3-mj4r
  • https://nvd.nist.gov/vuln/detail/CVE-2024-50052
  • https://github.com/mattermost/mattermost
  • https://mattermost.com/security-updates

Affected packages

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsPricingOpen SourceCareersNewsroomLegal

Resources

Unchained BlogEventsTrust CenterDocumentation