Input Sanitization Flaw in Mattermost Web Application
CVE-2024-46872
4.6 MEDIUM
Summary
A critical input sanitization vulnerability has been discovered in Mattermost, affecting versions 9.10.2 or earlier in the 9.10.x series, 9.11.1 or earlier in the 9.11.x series, and 9.5.9 or earlier in the 9.5.x series. This vulnerability arises from the failure to properly sanitize user inputs on the frontend, enabling malicious actors to exploit it through a one-click client-side path traversal. This flaw has serious implications, as it establishes a potential pathway for Cross-Site Request Forgery (CSRF) attacks in Playbooks. Organizations using these affected versions are strongly advised to implement the recommended security updates to mitigate associated risks.
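The advisory names the bug class (client-side path traversal from an unsanitized frontend input) but not the affected code. The following is an added, generic illustration written for this page; it is not Mattermost or Playbooks code, and the `/api/v4/items/...` route, the id format and the function names are constructed placeholders. It shows how a user-controlled value spliced into a request path lets `..` segments redirect the request to a different endpoint, and the allowlist check that prevents it.

```javascript
// Added example, not from the Mattermost project. Demonstrates client-side
// path traversal: a web client builds an API URL from a value it received
// from the page URL or a clicked link and, without validation, "../"
// segments walk the request to a different endpoint.

// Naive construction: trusts the identifier as-is (the vulnerable pattern).
function buildPathNaive(id) {
  return "/api/v4/items/" + id + "/details"; // placeholder route
}

// Hardened construction: allowlist the identifier shape. This example assumes
// ids are URL-safe tokens of letters, digits, '-' and '_'; adjust to the real
// format. Percent signs are excluded too, because "%2e%2e" decodes to ".."
// on many servers, so a decode-then-route step would reintroduce traversal.
const ID_PATTERN = /^[A-Za-z0-9_-]+$/;

function isSafeId(id) {
  return typeof id === "string" && ID_PATTERN.test(id);
}

// Returns the path, or null when the id fails the allowlist.
function buildPathSafe(id) {
  if (!isSafeId(id)) {
    return null;
  }
  return "/api/v4/items/" + encodeURIComponent(id) + "/details";
}

// Resolve a path the way a browser does before sending it, so the effect of
// the traversal segments on the naive version is visible.
function resolvePath(p) {
  return new URL(p, "https://example.invalid").pathname;
}

// Constructed inputs: a normal id and a traversal attempt.
const normal = "abc-123";
const traversal = "../../other/endpoint";

console.log(resolvePath(buildPathNaive(normal)));    // /api/v4/items/abc-123/details
console.log(resolvePath(buildPathNaive(traversal))); // /api/other/endpoint/details
console.log(buildPathSafe(normal));                  // /api/v4/items/abc-123/details
console.log(buildPathSafe(traversal));               // null
```

The point of the `resolvePath` helper is that the traversal is decided entirely on the client: the request that leaves the browser already targets `/api/other/endpoint/details`, carrying the user's session cookies, which is how a link-click turns into a forged request against an endpoint the page never intended to call.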
References
CVSS v3.1
Score: 4.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published