CVE-2024-1942
published 2024-02-29CVE-2024-1942: Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 9.2.0+incompatible < 9.2.5+incompatible | 9.2.5+incompatible |
| github.com | mattermost_mattermost-server | >= 9.3.0+incompatible < 9.3.1+incompatible | 9.3.1+incompatible |
| github.com | mattermost_mattermost_server_v8 | >= 0 < 8.1.9 | 8.1.9 |
| github.com | mattermost_mattermost_server_v8 | >= 9.2.0 < 9.2.5 | 9.2.5 |
| github.com | mattermost_mattermost_server_v8 | >= 9.3.0 < 9.3.1 | 9.3.1 |
| mattermost | mattermost | — | — |
| mattermost | mattermost | 8.1.0 – 8.1.8 | — |
| mattermost | mattermost | 9.2.0 – 9.2.4 | — |
| mattermost | mattermost_server | — | — |
| mattermost | mattermost_server | >= 8.1.0 < 8.1.9 | 8.1.9 |
| mattermost | mattermost_server | >= 9.2.0 < 9.2.5 | 9.2.5 |