Vulnerability Details CVE-2024-1942
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.4%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2024-1942
-
cpe:2.3:a:mattermost:mattermost_server:8.1.0
-
cpe:2.3:a:mattermost:mattermost_server:8.1.1
-
cpe:2.3:a:mattermost:mattermost_server:8.1.2
-
cpe:2.3:a:mattermost:mattermost_server:8.1.3
-
cpe:2.3:a:mattermost:mattermost_server:8.1.4
-
cpe:2.3:a:mattermost:mattermost_server:8.1.5
-
cpe:2.3:a:mattermost:mattermost_server:8.1.6
-
cpe:2.3:a:mattermost:mattermost_server:8.1.7
-
cpe:2.3:a:mattermost:mattermost_server:8.1.8
-
cpe:2.3:a:mattermost:mattermost_server:9.2.0
-
cpe:2.3:a:mattermost:mattermost_server:9.2.1
-
cpe:2.3:a:mattermost:mattermost_server:9.2.2
-
cpe:2.3:a:mattermost:mattermost_server:9.2.3
-
cpe:2.3:a:mattermost:mattermost_server:9.2.4
-
cpe:2.3:a:mattermost:mattermost_server:9.3.0