CVE-2024-23488

Summary

Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 8.1.8affected
MattermostMattermost0 <= 9.4.1affected
MattermostMattermost9.5.0unaffected
MattermostMattermost9.4.2unaffected
MattermostMattermost8.1.9unaffected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References