VYPR
Moderate severity · NVD Advisory · Published Oct 29, 2024 · Updated Oct 29, 2024

Arbitrary post deletion via Playbooks /ignore-thread endpoint

CVE-2024-50052

Description

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, and 9.5.x <= 9.5.9 fail to check that the origin of the message in an integration action matches the original post metadata, which allows an authenticated user to delete an arbitrary post.


Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| github.com/mattermost/mattermost/server/v8 | Go | < 8.0.0-20240926115259-20ed58906adc | 8.0.0-20240926115259-20ed58906adc |

Affected products

42


References

3
