CVE-2024-46872 — Vulnetix

CVE-2024-46872 PUBLISHED CVSS 4.599999904632568 MEDIUM

Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery

EPSS 0.12% · 30.5th percentile

Risk Scores

CVSS 3.1

4.599999904632568

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

EPSS Score

0.12%

30.5th percentile

Affected Products

Vendor	Product	Versions
Mattermost	Mattermost	9.10.0, 9.5.0, 10.0.0
mattermost	mattermost_server	9.5.0, 9.10.0, 9.11.0
github.com	mattermost/mattermost/server/v8	0, 0

Exploit Intelligence

CIRCL seen: CVE-2024-46872 (circl-sighting)
https://mattermost.com/security-updates (circl)

Timeline

Oct 29, 2024 CVE Published
Oct 29, 2024 Coalition ESS Score
Oct 29, 2024 PoC Published
Oct 30, 2024 EPSS Score
Oct 30, 2024 Coalition ESS Score
Nov 4, 2024 CVE Updated
Nov 8, 2024 Coalition ESS Score
Nov 17, 2024 EPSS Score
Dec 6, 2024 EPSS Score
Dec 24, 2024 EPSS Score
Jan 12, 2025 EPSS Score
Jan 30, 2025 EPSS Score

References

https://mattermost.com/security-updates url
https://nvd.nist.gov/vuln/detail/CVE-2024-46872 advisory
https://github.com/advisories/GHSA-762g-9p7f-mrww advisory
https://github.com/mattermost/mattermost package

Open in Interactive Console →

$ Console Community · 100/wk Open console ›