GHSA-hwjf-4667-gqwx
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hwjf-4667-gqwx
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-hwjf-4667-gqwx/GHSA-hwjf-4667-gqwx.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-hwjf-4667-gqwx
- Aliases
-
- BIT-mattermost-2024-1942
- CVE-2024-1942
- GO-2024-2592
- Related
- Published
- 2024-02-29T12:31:06Z
- Modified
- 2024-12-16T13:41:51.947357Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Mattermost allows attackers access to posts in channels they are not a member of
- Details
-
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.
- Database specific
{ "nvd_published_at": "2024-02-29T11:15:07Z", "cwe_ids": [ "CWE-284" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-02-29T22:48:42Z" }- References
Affected packages
Go / github.com/mattermost/mattermost/server/v8
Package
- Name
- github.com/mattermost/mattermost/server/v8
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/mattermost/mattermost/server/v8
Go / github.com/mattermost/mattermost/server/v8
Package
- Name
- github.com/mattermost/mattermost/server/v8
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/mattermost/mattermost/server/v8
Go / github.com/mattermost/mattermost/server/v8
Package
- Name
- github.com/mattermost/mattermost/server/v8
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/mattermost/mattermost/server/v8