Lucene search

GoogleOSV:GO-2024-2595

HistoryJun 28, 2024 - 3:28 p.m.

Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server

2024-06-2815:28:53

Google

osv.dev

mattermost

file access

restriction

issue

mattermost-server

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

3.6

Confidence

High

JSON

Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server.

NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.

(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)

The additional affected modules and versions are: github.com/mattermost/mattermost/server/v8 before v8.1.9.

References

github.com/advisories/GHSA-xgxj-j98c-59rv

mattermost.com/security-updates

nvd.nist.gov/vuln/detail/CVE-2024-23488

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

3.6

Confidence

High

JSON

Related for OSV:GO-2024-2595