BIT-mattermost-2024-42406
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/mattermost/BIT-mattermost-2024-42406.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-mattermost-2024-42406
- Aliases
- Published
- 2024-10-02T07:15:56.054Z
- Modified
- 2025-04-03T14:40:37.652Z
- Summary
- [none]
- Details
-
Mattermost versions 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x <= 9.9.2 and 9.5.x <= 9.5.8 fail to properly authorize requests when viewing archived channels is disabled, which allows an attacker to retrieve post and file information about archived channels. Examples are flagged or unread posts as well as files.
- Database specific
{ "cpes": [ "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "cpe:2.3:a:mattermost:mattermost_server:9.11.0:-:*:*:*:*:*:*", "cpe:2.3:a:mattermost:mattermost_server:9.11.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mattermost:mattermost_server:9.11.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mattermost:mattermost_server:9.11.0:rc3:*:*:*:*:*:*" ], "severity": "Medium" }- References
Affected packages
Bitnami / mattermost
Package
- Name
- mattermost
- Purl
- pkg:bitnami/mattermost
Severity
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Affected ranges
- Type
- SEMVER
- Events
-
Introduced9.5.0Fixed9.5.9Introduced9.9.0Fixed9.9.3Introduced9.10.0Fixed9.10.2
- Type
- SEMVER
- Events
-
Introduced9.11.0-rc1Last affected9.11.0-rc1Introduced9.11.0-rc2Last affected9.11.0-rc2Introduced9.11.0-rc3Last affected9.11.0-rc3Introduced9.11.0Last affected9.11.0