CVE-2024-1949
EUVD-2024-048429.02.2024, 11:15
A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost_server | 8.1.0 ≤ 𝑥 < 8.1.9 |
| mattermost | mattermost_server | 9.4.0 ≤ 𝑥 < 9.4.2 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| mattermost | mattermost | 8.1.0 ≤ 𝑥 ≤ 8.1.8 | CNA |
| mattermost | mattermost | 9.4.0 ≤ 𝑥 ≤ 9.4.1 | CNA |
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.