CVE-2024-42406

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Sep 26, 2024
CWE ID 284

Summary

CVE-2024-42406 affects Mattermost versions 9.11.x up to 9.11.0, 9.10.x up to 9.10.1, 9.9.x up to 9.9.2, and 9.5.x up to 9.5.8. Improper authorization in these versions allows attackers to access information from archived channels even when viewing archived channels is disabled. An attacker can retrieve posts and files, including flagged or unread content, which compromises the confidentiality of sensitive communications within an organization. To remediate the issue, upgrade Mattermost installations to the latest patched versions, as detailed in the security updates on the Mattermost website. The vulnerability is rated medium severity with an exploitability score of 2.8; it is exploitable over the network, requires low privileges, and needs no user interaction. Patching removes this path to unauthorized access to organizational data.
