CVE-2024-41144

描述

Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server

受影響套件(7)

• Bitnami/mattermost>= 9.5.0, < 9.5.7, >= 9.7.0, < 9.7.6, >= 9.8.0, < 9.8.2 | >= 9.9.0, <= 9.9.0
• Go/github.com/mattermost/mattermostfrom 0, < 5.3.2-0.20240619142046-8181a9ddffc0
• Go/github.com/mattermost/mattermost-server>= 9.5.0+incompatible, < 9.5.7+incompatible, >= 9.7.0+incompatible, < 9.7.6+incompatible, >= 9.8.0+incompatible, < 9.8.2+incompatible, >= 9.9.0+incompatible, < 9.9.1+incompatible
• Go/github.com/mattermost/mattermost-server/v5from 0
• Go/github.com/mattermost/mattermost-server/v6from 0
• Go/github.com/mattermost/mattermost/server/v8from 0
• Go/github.com/mattermost/mattermost/server/v8>= 9.5.0, < 9.5.7

CVSS 分數

參考連結(5)

• ADVISORYhttps://github.com/advisories/GHSA-vg67-chm7-8m3j
• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-41144
• PATCHhttps://github.com/mattermost/mattermost
• WEBhttps://mattermost.com/security-updates
• WEBhttps://pkg.go.dev/vuln/GO-2024-3023