Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates |
History
Thu, 26 Sep 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mattermost
Mattermost mattermost Server |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mattermost
Mattermost mattermost Server |
Thu, 26 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 26 Sep 2024 08:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links. | |
Title | Unauthorized access on archived channels via file links | |
Weaknesses | CWE-284 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2024-09-26T08:01:48.199Z
Updated: 2024-09-26T13:12:52.240Z
Reserved: 2024-09-23T07:55:36.353Z
Link: CVE-2024-47145
Vulnrichment
Updated: 2024-09-26T13:12:49.125Z
NVD
Status : Analyzed
Published: 2024-09-26T08:15:06.403
Modified: 2024-09-26T18:42:33.550
Link: CVE-2024-47145
Redhat
No data.