CVE-2024-1942
EUVD-2024-065729.02.2024, 11:15
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost_server | 8.1.0 ≤ 𝑥 < 8.1.9 |
| mattermost | mattermost_server | 9.2.0 ≤ 𝑥 < 9.2.5 |
| mattermost | mattermost_server | 9.3.0 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| mattermost | mattermost | 9.2.0 ≤ 𝑥 ≤ 9.2.4 | CNA |
| mattermost | mattermost | 8.1.0 ≤ 𝑥 ≤ 8.1.8 | CNA |
| mattermost | mattermost | 9.3.0 | CNA |
Common Weakness Enumeration