Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates |
History
Fri, 13 Dec 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mattermost
Mattermost mattermost Server |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* cpe:2.3:a:mattermost:mattermost_server:9.3.0:*:*:*:*:*:*:* |
|
Vendors & Products |
Mattermost
Mattermost mattermost Server |
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2024-02-29T10:41:38.292Z
Updated: 2024-08-12T13:16:32.143Z
Reserved: 2024-02-27T18:10:31.220Z
Link: CVE-2024-1942
Vulnrichment
Updated: 2024-08-01T18:56:22.628Z
NVD
Status : Analyzed
Published: 2024-02-29T11:15:07.290
Modified: 2024-12-13T17:06:52.710
Link: CVE-2024-1942
Redhat
No data.