Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.
History

Fri, 13 Dec 2024 17:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Mattermost<br>Mattermost mattermost Server |
| Weaknesses | | NVD-CWE-noinfo |
| CPEs | | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*<br>cpe:2.3:a:mattermost:mattermost_server:9.3.0:*:*:*:*:*:*:* |
| Vendors & Products | | Mattermost<br>Mattermost mattermost Server |

MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2024-02-29T10:41:38.292Z

Updated: 2024-08-12T13:16:32.143Z

Reserved: 2024-02-27T18:10:31.220Z

Link: CVE-2024-1942

Vulnrichment

Updated: 2024-08-01T18:56:22.628Z

NVD

Status: Analyzed

Published: 2024-02-29T11:15:07.290

Modified: 2024-12-13T17:06:52.710

Link: CVE-2024-1942

Redhat

No data.