CVE-2024-47145
MEDIUM4.3EPSS 0.28%Published: 9/27/2024Modified: 4/3/2025
Description
Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links.
Affected packages (1)
- Bitnami/mattermost>= 9.5.0, < 9.5.9
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |