CVE-2024-1942

Summary

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost9.2.0 <= 9.2.4affected
MattermostMattermost8.1.0 <= 8.1.8affected
MattermostMattermost9.3.0affected
MattermostMattermost9.4unaffected
MattermostMattermost9.3.1unaffected
MattermostMattermost9.2.5unaffected
MattermostMattermost8.1.9unaffected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References