CVE-2024-1942

Name of the Vulnerable Software and Affected Versions Mattermost versions 8.1.x through 8.1.8 Mattermost versions 9.2.x through 9.2.4 Mattermost version 9.3.0

Description The issue arises from the failure to sanitize metadata on posts containing permalinks under specific conditions. This allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.

Recommendations For Mattermost versions 8.1.x through 8.1.8, update to version 8.1.9 or later. For Mattermost versions 9.2.x through 9.2.4, update to version 9.2.5 or later. For Mattermost version 9.3.0, update to a version later than 9.3.0. As a temporary workaround, consider restricting access to posts containing permalinks until a patch is available.