A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.
References
History

Fri, 13 Dec 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Mattermost
Mattermost mattermost Server
Weaknesses CWE-362
CPEs cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
Vendors & Products Mattermost
Mattermost mattermost Server

cve-icon MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2024-02-29T10:41:54.916Z

Updated: 2024-08-01T18:56:22.631Z

Reserved: 2024-02-27T19:08:16.634Z

Link: CVE-2024-1949

cve-icon Vulnrichment

Updated: 2024-08-01T18:56:22.631Z

cve-icon NVD

Status : Analyzed

Published: 2024-02-29T11:15:08.003

Modified: 2024-12-13T17:07:37.437

Link: CVE-2024-1949

cve-icon Redhat

No data.