CVE-2024-1949

Summary

A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost8.1.0 <= 8.1.8affected
MattermostMattermost9.4.0 <= 9.4.1affected
MattermostMattermost9.5unaffected
MattermostMattermost9.4.2unaffected
MattermostMattermost8.1.9unaffected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References