CVE-2024-50052

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an authenticated user to delete an arbitrary post.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://mattermost.com/security-updates	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mattermost:mattermost_server::::::::
	cpe:2.3:a:mattermost:mattermost_server::::::::
	cpe:2.3:a:mattermost:mattermost_server::::::::

History

No history.

Information

Published : 2024-10-29 08:15

Updated : 2025-09-29 14:47

NVD link : CVE-2024-50052

Mitre link : CVE-2024-50052

CVE.ORG link : CVE-2024-50052

JSON object : View

Products Affected

mattermost

mattermost_server

CWE

CWE-862

Missing Authorization

{"id": "CVE-2024-50052", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-10-29T08:15:12.553", "references": [{"url": "https://mattermost.com/security-updates", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to\u00a0check that the origin of the message in an integration action matches with the original post metadata\u00a0which allows an authenticated user to delete an arbitrary post."}, {"lang": "es", "value": "Las versiones de Mattermost 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 no verifican que el origen del mensaje en una acci\u00f3n de integraci\u00f3n coincida con los metadatos de la publicaci\u00f3n original, lo que permite que un usuario autenticado elimine una publicaci\u00f3n arbitraria."}], "lastModified": "2025-09-29T14:47:32.853", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E022FB98-95D6-4F82-9A9F-0C320633E64D", "versionEndExcluding": "9.5.10", "versionStartIncluding": "9.5.0"}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E2037E9-B6B2-4764-A5C9-5006DCF34E94", "versionEndExcluding": "9.10.3", "versionStartIncluding": "9.10.0"}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F0D9909-E2B9-41B3-93F7-6C666434FE7B", "versionEndExcluding": "9.11.2", "versionStartIncluding": "9.11.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}