CVE-2024-1887 Public channel post content accessible without membership when compliance export is enabled

🗓️ 29 Feb 2024 08:05:29Reported by MattermostType

Mattermost CVE-2024-1887 non-member access to public channel post

Reporter	Title	Published	Views	Family All 22
Chainguard	CVE-2024-1887 vulnerabilities	1 May 202507:14	–	cgr
Circl	CVE-2024-1887	29 Feb 202409:26	–	circl
CNNVD	Mattermost Security Vulnerabilities	29 Feb 202400:00	–	cnnvd
CVE	CVE-2024-1887	29 Feb 202408:05	–	cve
EUVD	EUVD-2024-0634	3 Oct 202520:07	–	euvd
Github Security Blog	Mattermost post fetching without auditing in compliance export	29 Feb 202409:30	–	github
Tenable Nessus	Mattermost Server < 8.1.9 / 9.2.x < 9.2.5 / 9.3.x < 9.3.1 / 9.4.x < 9.4.2, 9.5.0 Multiple Vulnerabilities (MMSA-2023-00285)	7 Mar 202400:00	–	nessus
NVD	CVE-2024-1887	29 Feb 202408:15	–	nvd
OSV	CGA-5VM5-H4P8-9RGX	29 Jan 202600:46	–	osv
OSV	CGA-9C85-RG9H-4W8M	24 Jun 202414:34	–	osv

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "8.1.8",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.2.4",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.3.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "9.4.0"
      },
      {
        "status": "unaffected",
        "version": "9.3.1"
      },
      {
        "status": "unaffected",
        "version": "9.2.5"
      },
      {
        "status": "unaffected",
        "version": "8.1.9"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

29 Feb 2024 08:05Current

4.8Medium risk

Vulners AI Score4.8

CVSS 3.14.3

EPSS0.00111

CWE-284