VYPR
Unrated severity · NVD Advisory · Published Sep 26, 2024 · Updated Sep 26, 2024

Unauthorized access on archived channels

CVE-2024-42406

Description

Mattermost versions 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x <= 9.9.2 and 9.5.x <= 9.5.8 fail to properly authorize requests when viewing archived channels is disabled, which allows an attacker to retrieve post and file information about archived channels. Examples are flagged or unread posts as well as files.

Affected products

3
  • Mattermost/Mattermost (llm-fuzzy, 2 versions)
    >=9.11.0 <=9.11.0, >=9.10.0 <=9.10.1, >=9.9.0 <=9.9.2, >=9.5.0 <=9.5.8
    • (no CPE)range: >=9.11.0 <=9.11.0, >=9.10.0 <=9.10.1, >=9.9.0 <=9.9.2, >=9.5.0 <=9.5.8
    • (no CPE)range: 9.11.0
  • osv-coords
    Range: >= 9.5.0, < 9.5.9
