A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates |
History
Fri, 13 Dec 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mattermost
Mattermost mattermost Server |
|
Weaknesses | CWE-362 | |
CPEs | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mattermost
Mattermost mattermost Server |
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2024-02-29T10:41:54.916Z
Updated: 2024-08-01T18:56:22.631Z
Reserved: 2024-02-27T19:08:16.634Z
Link: CVE-2024-1949
Vulnrichment
Updated: 2024-08-01T18:56:22.631Z
NVD
Status : Analyzed
Published: 2024-02-29T11:15:08.003
Modified: 2024-12-13T17:07:37.437
Link: CVE-2024-1949
Redhat
No data.