CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-1952

Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts' contents in channels they are not a member of.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 41.7%

CVSS Severity

CVSS v3 Score 3.1

References

Products affected by CVE-2024-1952

Mattermost » Mattermost Server » Version: 8.1.0

cpe:2.3:a:mattermost:mattermost_server:8.1.0
Mattermost » Mattermost Server » Version: 8.1.1

cpe:2.3:a:mattermost:mattermost_server:8.1.1
Mattermost » Mattermost Server » Version: 8.1.2

cpe:2.3:a:mattermost:mattermost_server:8.1.2
Mattermost » Mattermost Server » Version: 8.1.3

cpe:2.3:a:mattermost:mattermost_server:8.1.3
Mattermost » Mattermost Server » Version: 8.1.4

cpe:2.3:a:mattermost:mattermost_server:8.1.4
Mattermost » Mattermost Server » Version: 8.1.5

cpe:2.3:a:mattermost:mattermost_server:8.1.5
Mattermost » Mattermost Server » Version: 8.1.6

cpe:2.3:a:mattermost:mattermost_server:8.1.6
Mattermost » Mattermost Server » Version: 8.1.7

cpe:2.3:a:mattermost:mattermost_server:8.1.7
Mattermost » Mattermost Server » Version: 8.1.8

cpe:2.3:a:mattermost:mattermost_server:8.1.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-1952

Products

Pricing

Contact Us