Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts
https://mattermost.com/security-updates
Source: Mitre, NVD
Published: 2024-08-01
Updated: 2024-08-01
Base Score: 3.3
Vector: CVSS2#AV:N/AC:L/Au:M/C:N/I:P/A:N
Severity: Low
Base Score: 2.7
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N