3 matches found
CVE-2024-23488 vulnerabilities
Vulnerabilities for packages: mattermost-fips...
CVE-2024-23488
Mattermost CVE-2024-23488 concerns a file-access control bug in archived channels. Connected advisory GO-2024-2595 describes a vulnerability in github.com/mattermost/mattermost/server/v8 prior to v8.1.9 where attachments in posts could be accessed despite channel archives settings. Affected compo...
CVE-2024-23488 Files of archived channels accessible with the “Allow users to view archived channels” option disabled
Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled...