GHSA-3g35-v53r-gpxc
Suggest an improvement- Source
- https://github.com/advisories/GHSA-3g35-v53r-gpxc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-3g35-v53r-gpxc/GHSA-3g35-v53r-gpxc.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-3g35-v53r-gpxc
- Aliases
-
- BIT-mattermost-2024-1949
- CVE-2024-1949
- GO-2024-2588
- Related
- Published
- 2024-02-29T12:31:06Z
- Modified
- 2024-12-16T13:41:53.109047Z
- Severity
-
- 2.6 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- 2.0 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Mattermost race condition
- Details
-
A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.
- Database specific
{ "nvd_published_at": "2024-02-29T11:15:08Z", "cwe_ids": [ "CWE-200", "CWE-362" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-02-29T22:49:24Z" }- References
Affected packages
Go / github.com/mattermost/mattermost/server/v8
Package
- Name
- github.com/mattermost/mattermost/server/v8
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/mattermost/mattermost/server/v8
Go / github.com/mattermost/mattermost/server/v8
Package
- Name
- github.com/mattermost/mattermost/server/v8
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/mattermost/mattermost/server/v8