CVE-2024-47145Improper Access Control in Server

CWE-284Improper Access Control5 documents4 sources
Severity
4.3MEDIUMNVD
CNA3.1OSV5.5
EPSS
0.3%
top 48.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mattermost ServerLinux KernelMattermost
Timeline
PublishedSep 26
Latest updateApr 2

Description

Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

NVDmattermost/mattermost_server9.5.09.5.9
CVEListV5mattermost/mattermost9.5.09.5.8
Ubuntulinux/linux_kernel< 4.4.0-279.313

🔴Vulnerability Details

4
OSV
linux-fips vulnerabilities2026-04-02
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2026-04-01
GHSA
GHSA-326r-7r4v-wq8c: Mattermost versions 92024-09-26
CVEList
Unauthorized access on archived channels via file links2024-09-26
CVE-2024-47145 — Improper Access Control in Server | cvebase