Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zZzM1LXY1M3ItZ3B4Y84AA5qJ
Mattermost race condition
A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.
Permalink: https://github.com/advisories/GHSA-3g35-v53r-gpxcJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zZzM1LXY1M3ItZ3B4Y84AA5qJ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 2 months ago
Updated: 2 months ago
CVSS Score: 2.6
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Identifiers: GHSA-3g35-v53r-gpxc, CVE-2024-1949
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-1949
- https://mattermost.com/security-updates
- https://github.com/advisories/GHSA-3g35-v53r-gpxc
Affected Packages
go:github.com/mattermost/mattermost/server/v8
Dependent packages: 2Dependent repositories: 1
Downloads:
Affected Version Ranges: < 8.1.9, >= 9.0.0, < 9.4.2
Fixed in: 8.1.9, 9.4.2
All affected versions:
All unaffected versions: