CVE-2024-1949 — Sensitive Information Exposure in Mattermost Mattermost-server

CWE-200 — Sensitive Information Exposure CWE-362 — Race Condition5 documents4 sources

Severity

2.6LOWNVD

EPSS

0.3%

top 49.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Mattermost Mattermost-server Github.com Mattermost Mattermost Server V8 Mattermost Server +1 more

Timeline

PublishedFeb 29

Latest updateJun 28

Description

A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages4 packages

▶NVDmattermost/mattermost_server8.1.0 — 8.1.9+1

▶Gogithub.com/mattermost_mattermost-server9.0.0+incompatible — 9.4.2+incompatible

▶Gogithub.com/mattermost_mattermost_server_v89.0.0 — 9.4.2+1

▶CVEListV5mattermost/mattermost8.1.0 — 8.1.8+1

🔴Vulnerability Details

OSV

Mattermost race condition in github.com/mattermost/mattermost-server↗2024-06-28

▶

CVEList

CVE-2024-1949: A race condition in Mattermost versions 8↗2024-02-29

▶

OSV

Mattermost race condition↗2024-02-29

▶

GHSA

Mattermost race condition↗2024-02-29

▶