CVE-2024-23488

EUVD-2024-0766
Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| Mattermost | CNA | 3.1 LOW | NETWORK | HIGH | LOW | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |

EPSS Score percentile: 41%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost_server | 𝑥 < 8.1.9 |
| mattermost | mattermost_server | 9.0.0 ≤ 𝑥 < 9.4.2 |

𝑥 = Vulnerable software versions

Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.

| Vendor | Product | Version | Source |
|---|---|---|---|
| mattermost | mattermost | 𝑥 ≤ 8.1.8 | CNA |
| mattermost | mattermost | 𝑥 ≤ 9.4.1 | CNA |