CVE-2024-50052

EPSS 0.13%
Published 29.10.2024 08:15:12
Last modified 29.09.2025 14:47:32
Source responsibledisclosure@mattermo
Teams watchlist Login
Open Login

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an authenticated user to delete an arbitrary post.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Mattermost ≫ Mattermost Server Version >= 9.5.0 < 9.5.10

Mattermost ≫ Mattermost Server Version >= 9.10.0 < 9.10.3

Mattermost ≫ Mattermost Server Version >= 9.11.0 < 9.11.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.332

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
responsibledisclosure@mattermost.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://mattermost.com/security-updates

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-50052

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-50052

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-50052

EUVD