PT-2024-18443 · Mattermost · Mattermost
Published: 2024-02-29 · Updated: 2024-12-16
CVE-2024-1949
CVSS v3.1: 2.6 (Low)
Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Mattermost versions 8.1.x through 8.1.8
Mattermost versions 9.4.x through 9.4.1
Description
A race condition allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.
Recommendations
For Mattermost versions 8.1.x through 8.1.8, update to version 8.1.9 or later.
For Mattermost versions 9.4.x through 9.4.1, update to version 9.4.2 or later.
Fix
Race Condition
Information Disclosure
Related Identifiers
Affected Products
Mattermost