CVE-2024-42406
published 2024-09-26CVE-2024-42406: Mattermost versions 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x <= 9.9.2 and 9.5.x <= 9.5.8 fail to properly authorize requests when viewing archived channels is…
medium5.4CVSS 3.1
AVNACLPRLUINSUCLILAN
Mattermost versions 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x <= 9.9.2 and 9.5.x <= 9.5.8 fail to properly authorize requests when viewing archived channels is disabled, which allows an attacker to retrieve post and file information about archived channels. Examples are flagged or unread posts as well as files.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mattermost | mattermost | — | — |
| mattermost | mattermost | 9.10.0 – 9.10.1 | — |
| mattermost | mattermost | 9.5.0 – 9.5.8 | — |
| mattermost | mattermost | 9.9.0 – 9.9.2 | — |
| mattermost | mattermost_server | — | — |
| mattermost | mattermost_server | >= 9.10.0 < 9.10.2 | 9.10.2 |
| mattermost | mattermost_server | >= 9.5.0 < 9.5.9 | 9.5.9 |
| mattermost | mattermost_server | >= 9.9.0 < 9.9.3 | 9.9.3 |