CVE-2024-46872 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-46872 PUBLISHED CVSS 4.599999904632568 MEDIUM

Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery

EPSS 0.12% · 30.8th percentile

Risk Scores

CVSS v3.1

4.599999904632568

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

EPSS Score

0.12%

30.8th percentile

Affected Products

Vendor	Product	Versions
Mattermost	Mattermost	9.10.0, 9.11.0, 9.5.0
mattermost	mattermost_server	9.5.0, 9.10.0, 9.11.0
github.com	mattermost/mattermost/server/v8	0, 0

Timeline

Oct 29, 2024 CVE Published
Oct 29, 2024 Coalition ESS Score
Oct 29, 2024 PoC Published
Oct 30, 2024 EPSS Score
Oct 30, 2024 Coalition ESS Score
Nov 4, 2024 CVE Updated
Nov 8, 2024 Coalition ESS Score
Nov 17, 2024 EPSS Score
Dec 5, 2024 EPSS Score
Dec 23, 2024 EPSS Score
Jan 9, 2025 EPSS Score
Jan 27, 2025 EPSS Score

References

https://mattermost.com/security-updates url
https://nvd.nist.gov/vuln/detail/CVE-2024-46872 advisory
https://github.com/advisories/GHSA-762g-9p7f-mrww advisory
https://github.com/mattermost/mattermost package

Open in Interactive Console →