Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14Z3hqLWo5OGMtNTlyds4AA5p6
Mattermost fails to properly restrict the access of files attached to posts
Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled.
Permalink: https://github.com/advisories/GHSA-xgxj-j98c-59rvJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Z3hqLWo5OGMtNTlyds4AA5p6
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 2 months ago
Updated: 2 months ago
CVSS Score: 3.1
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-xgxj-j98c-59rv, CVE-2024-23488
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-23488
- https://mattermost.com/security-updates
- https://github.com/advisories/GHSA-xgxj-j98c-59rv
Affected Packages
go:github.com/mattermost/mattermost/server/v8
Dependent packages: 2Dependent repositories: 1
Downloads:
Affected Version Ranges: < 8.1.9, >= 9.0.0, < 9.4.2
Fixed in: 8.1.9, 9.4.2
All affected versions:
All unaffected versions: