CVE-2024-1942

🗓️ 29 Feb 2024 10:41:38Reported by MattermostType

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize metadata, allowing authenticated attacker to access posts in unauthorized channels

Reporter	Title	Published	Views	Family All 22
Chainguard	CVE-2024-1942 vulnerabilities	1 May 202507:14	–	cgr
Circl	CVE-2024-1942	29 Feb 202412:31	–	circl
CNNVD	Mattermost Security Vulnerabilities	29 Feb 202400:00	–	cnnvd
Cvelist	CVE-2024-1942	29 Feb 202410:41	–	cvelist
EUVD	EUVD-2024-0657	3 Oct 202520:07	–	euvd
Github Security Blog	Mattermost allows attackers access to posts in channels they are not a member of	29 Feb 202412:31	–	github
NVD	CVE-2024-1942	29 Feb 202411:15	–	nvd
OSV	BIT-MATTERMOST-2024-1942	16 Dec 202407:16	–	osv
OSV	CGA-6GRP-P29G-G39R	25 Sep 202402:09	–	osv
OSV	CGA-FCMM-87QM-6J9X	25 Sep 202401:54	–	osv

NVD

Node

mattermost mattermost_serverRange8.1.0–8.1.9

mattermost mattermost_serverRange9.2.0–9.2.5

mattermost mattermost_serverMatch9.3.0

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "9.2.4",
        "status": "affected",
        "version": "9.2.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.1.8",
        "status": "affected",
        "version": "8.1.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "9.3.0"
      },
      {
        "status": "unaffected",
        "version": "9.4"
      },
      {
        "status": "unaffected",
        "version": "9.3.1"
      },
      {
        "status": "unaffected",
        "version": "9.2.5"
      },
      {
        "status": "unaffected",
        "version": "8.1.9"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

13 Dec 2024 17:06Current

4.3Medium risk

Vulners AI Score4.3

CVSS 3.14.3

EPSS0.00226

SSVC

CWE-284