Low severityNVD Advisory· Published Apr 5, 2024· Updated Feb 27, 2025

Users maintain access to active call after being removed from a channel

CVE-2024-21848

Description

Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/mattermost/mattermost/server/v8Go	< 8.1.11	8.1.11

Affected products

Mattermost/Mattermostv5
Range: 8.1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-xp9j-8p68-9q93ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-21848ghsaADVISORY
mattermost.com/security-updatesghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.065
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000