CVE-2024-47145

Summary

Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost9.5.0 <= 9.5.8affected
MattermostMattermost9.11.0unaffected
MattermostMattermost9.5.9unaffected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References