Lucene search
HistoryFeb 29, 2024 - 8:15 a.m.
CVE-2024-23488
mattermost
file access
vulnerability
archived channels
access restriction
CVSS3
3.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
3.9
Confidence
High
EPSS
0
Percentile
9.0%
Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled.
References
Related
veracode
veracode
Improper Access Control
2024-03-01 12:22:29
osv
osv
CGA-j7pv-pc6j-2hjq
2024-07-15 22:00:54
CGA-gcxg-fqr7-4cpg
2024-09-25 02:09:23
cvelist
cvelist
github
github
Mattermost fails to properly restrict the access of files attached to posts
2024-02-29 09:30:34
prion
prion
Code injection
2024-02-29 08:15:00
vulnrichment
vulnrichment
cve
cve
CVE-2024-23488
2024-02-29 08:15:47
nessus
nessus
CVSS3
3.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
3.9
Confidence
High
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2024-23488