CVE-2024-1949
published 2024-02-29CVE-2024-1949: A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual…
low2.6CVSS 3.1
AVNACHPRLUIRSUCLINAN
A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 9.0.0+incompatible < 9.4.2+incompatible | 9.4.2+incompatible |
| github.com | mattermost_mattermost_server_v8 | >= 0 < 8.1.9 | 8.1.9 |
| github.com | mattermost_mattermost_server_v8 | >= 9.0.0 < 9.4.2 | 9.4.2 |
| mattermost | mattermost | 8.1.0 – 8.1.8 | — |
| mattermost | mattermost | 9.4.0 – 9.4.1 | — |
| mattermost | mattermost_server | >= 8.1.0 < 8.1.9 | 8.1.9 |
| mattermost | mattermost_server | >= 9.4.0 < 9.4.2 | 9.4.2 |