Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts' contents in channels they are not a member of.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates |
History
Fri, 13 Dec 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mattermost
Mattermost mattermost Server |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mattermost
Mattermost mattermost Server |
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2024-02-29T10:42:15.362Z
Updated: 2024-08-01T18:56:22.570Z
Reserved: 2024-02-27T19:21:09.017Z
Link: CVE-2024-1952
Vulnrichment
Updated: 2024-08-01T18:56:22.570Z
NVD
Status : Analyzed
Published: 2024-02-29T11:15:08.213
Modified: 2024-12-13T17:08:36.583
Link: CVE-2024-1952
Redhat
No data.