Описание
Mattermost server allows authenticated user to delete arbitrary post
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an authenticated user to delete an arbitrary post.
Пакеты
github.com/mattermost/mattermost/server/v8
< 8.0.0-20240926115259-20ed58906adc
8.0.0-20240926115259-20ed58906adc
Связанные уязвимости
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an authenticated user to delete an arbitrary post.
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 ...
Уязвимость приложения для обмена мгновенными сообщениями Mattermost, связанная с отсутствием процедуры авторизации, позволяющая нарушителю удалить произвольное сообщение
