In Mattermost versions 9.9.x ≤ 9.9.1, 9.5.x ≤ 9.5.7, 9.10.x ≤ 9.10.0, and 9.8.x ≤ 9.8.2, a medium-severity vulnerability, CVE-2024-40886, was detected. It allows an attacker to perform a one-click path traversal and launch a CSRF attack on the User Management page. To fix this problem, users should upgrade to version 9.11.0, 9.9.2, 9.5.8, 9.10.1, or 9.8.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-40886.
Mattermost: Risk of Path Traversal and CSRF Attacks
by the Hossted team
29.08.2024