216.73.217.126

CVE-2024-42406

· Published 26/09/2024 08:15 · Modified 01/10/2024 11:15

Labels: CVE-2024-42406 2024-09-26CVE-2024-42406CWE-284NVD-CWE-noinfo[email protected]

Essential information

Published
26/09/2024 08:15
Modified
01/10/2024 11:15
Author
Creator
CVSS
5.4 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS metrics

Description

Mattermost versions 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x <= 9.9.2 and 9.5.x <= 9.5.8 fail to properly authorize requests when viewing archived channels is disabled, which allows an attacker to retrieve post and file information about archived channels. Examples are flagged or unread posts as well as files.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
mattermost / mattermost server cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
mattermost / mattermost server cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
mattermost / mattermost server cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
mattermost / mattermost server cpe:2.3:a:mattermost:mattermost_server:9.11.0:-:*:*:*:*:*:*
mattermost / mattermost server cpe:2.3:a:mattermost:mattermost_server:9.11.0:rc1:*:*:*:*:*:*
mattermost / mattermost server cpe:2.3:a:mattermost:mattermost_server:9.11.0:rc2:*:*:*:*:*:*
mattermost / mattermost server cpe:2.3:a:mattermost:mattermost_server:9.11.0:rc3:*:*:*:*:*:*

References