Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates |
History
No history.
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2024-02-29T10:41:38.292Z
Updated: 2024-08-12T13:16:32.143Z
Reserved: 2024-02-27T18:10:31.220Z
Link: CVE-2024-1942
Vulnrichment
Updated: 2024-08-01T18:56:22.628Z
NVD
Status : Awaiting Analysis
Published: 2024-02-29T11:15:07.290
Modified: 2024-02-29T13:49:29.390
Link: CVE-2024-1942
Redhat
No data.