CVE-2024-39361

MEDIUM Year: 2024
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-284
View all →

Vulnerability Description

Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5 fail to prevent users from specifying a RemoteId for their posts which allows an attacker to specify both a remoteId and the post ID, resulting in creating a post with a user-defined post ID. This can cause some broken functionality in the channel or thread with user-defined posts

Related Vulnerabilities

CVE-2013-6739

MEDIUM
CVSS:5.4(Medium)

IBM SPSS Modeler before 16 on UNIX allows remote authenticated users to bypass intended access restrictions via an SSO token. IBM X-Force ID: 89855.

CWE-2842013

CVE-2015-5017

MEDIUM
CVSS:5.4(Medium)

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 ...

CWE-2842015

CVE-2016-0342

MEDIUM
CVSS:5.4(Medium)

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant o...

CWE-2842016

CVE-2016-10223

MEDIUM
CVSS:5.4(Medium)

An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashb...

CWE-2842016

CVE-2016-2100

MEDIUM
CVSS:5.4(Medium)

Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permissio...

CWE-2842016

CVE-2016-5502

MEDIUM
CVSS:5.4(Medium)

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3 allows remote authenticated users to affect...

CWE-2842016