Lucene search
GitHub Advisory DatabaseGHSA-XGXJ-J98C-59RVHistoryFeb 29, 2024 - 9:30 a.m.
Mattermost fails to properly restrict the access of files attached to posts
2024-02-2909:30:34
CWE-284
GitHub Advisory Database
github.com
4
mattermost
file access
archived channel
security
CVSS3
3.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
6.8
Confidence
High
EPSS
0
Percentile
9.0%
Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled.
Affected configurations
Node
mattermostmattermostRange<8.1.9
ORmattermostmattermostRange9.0.0–9.4.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mattermost | mattermost | * | cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:* |
Related
veracode
veracode
Improper Access Control
2024-03-01 12:22:29
osv
osv
CGA-j7pv-pc6j-2hjq
2024-07-15 22:00:54
CGA-gcxg-fqr7-4cpg
2024-09-25 02:09:23
prion
prion
Code injection
2024-02-29 08:15:00
vulnrichment
vulnrichment
nvd
nvd
CVE-2024-23488
2024-02-29 08:15:47
cvelist
cvelist
cve
cve
CVE-2024-23488
2024-02-29 08:15:47
nessus
nessus
CVSS3
3.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
6.8
Confidence
High
EPSS
0
Percentile
9.0%
Related for GHSA-XGXJ-J98C-59RV