VYPR
High severity · NVD Advisory · Published Feb 29, 2024 · Updated Aug 7, 2024

Public channel post content accessible without membership when compliance export is enabled

CVE-2024-1887

Description

Mattermost fails to check whether compliance export is enabled when fetching posts of public channels, allowing a user who is not a member of the public channel to fetch the posts, which will not be audited in the compliance export.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| github.com/mattermost/mattermost/server/v8 (Go) | >= 9.3.0, < 9.3.1 | 9.3.1 |
| github.com/mattermost/mattermost/server/v8 (Go) | >= 9.2.0, < 9.2.5 | 9.2.5 |
| github.com/mattermost/mattermost/server/v8 (Go) | < 8.1.9 | 8.1.9 |
