CVE-2024-42406

MEDIUM5.4EPSS 0.28%

發布日:2024/10/2修改日:2025/4/3

描述

Mattermost versions 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x <= 9.9.2 and 9.5.x <= 9.5.8 fail to properly authorize requests when viewing archived channels is disabled, which allows an attacker to retrieve post and file information about archived channels. Examples are flagged or unread posts as well as files.

受影響套件(1)

Bitnami/mattermost>= 9.5.0, < 9.5.9, >= 9.9.0, < 9.9.3, >= 9.10.0, < 9.10.2 | >= 9.11.0-rc1, <= 9.11.0-rc1, >= 9.11.0-rc2, <= 9.11.0-rc2, >= 9.11.0-rc3, <= 9.11.0-rc3, >= 9.11.0, <= 9.11.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

參考連結(2)

WEBhttps://mattermost.com/security-updates
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-42406