CVE-2024-9155

🗓️ 26 Sep 2024 14:57:43Reported by MattermostType

Mattermost version 9.10.x <= 9.10.1, 9.9.x <= 9.9.2, 9.5.x <= 9.5.8 access control issu

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2024-9155	26 Sep 202417:59	–	circl
CNNVD	Mattermost 安全漏洞	26 Sep 202400:00	–	cnnvd
CNVD	Mattermost Unauthorized Access Vulnerability	29 Sep 202400:00	–	cnvd
Cvelist	CVE-2024-9155 Insufficient Authorization On Unlinked Channel Files	26 Sep 202414:57	–	cvelist
EUVD	EUVD-2024-49759	3 Oct 202520:07	–	euvd
Tenable Nessus	Mattermost Server 9.5.x < 9.5.9 / 9.9.x < 9.9.3 / 9.10.x < 9.10.2 (MMSA-2024-00362)	18 Oct 202400:00	–	nessus
NVD	CVE-2024-9155	26 Sep 202415:15	–	nvd
Positive Technologies	PT-2024-39459 · Mattermost · Mattermost	26 Sep 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-9155	23 May 202510:36	–	redhatcve
Veracode	Unauthorized Access	30 Sep 202411:10	–	veracode

NVD

Node

mattermost mattermost_serverRange9.5.0–9.5.9

mattermost mattermost_serverRange9.9.0–9.9.3

mattermost mattermost_serverRange9.10.0–9.10.2

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "9.10.1",
        "status": "affected",
        "version": "9.10.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.9.2",
        "status": "affected",
        "version": "9.9.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.5.8",
        "status": "affected",
        "version": "9.5.0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "9.11.0"
      },
      {
        "status": "unaffected",
        "version": "9.10.2"
      },
      {
        "status": "unaffected",
        "version": "9.9.3"
      },
      {
        "status": "unaffected",
        "version": "9.5.9"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

29 Sep 2025 13:50Current

4.5Medium risk

Vulners AI Score4.5

CVSS 3.14.3

EPSS0.00278

SSVC

CWE-863