See Recorded Future’s Threat Intelligence Solutions in Action

See our Threat Intelligence Solutions in Action

Reduce risk and mitigate cyber attacks, no matter your IT & security stack, maturity journey, or industry

Book a free demo

View Solutions to Reduce Risk

See Recorded Future’s Intelligence in Action

Reduce operational risk through timely, precise, and actionable intelligence.

Book a free demo

Intelligence Cloud Overview

View Services & Support Overview

View Research Overview

CVE-2024-9155

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Sep 26, 2024

Updated: Sep 30, 2024

CWE ID 863

Summary

CVE-2024-9155 is a vulnerability affecting Mattermost versions 9.10.x up to 9.10.1, 9.9.x up to 9.9.2, and 9.5.x up to 9.5.8. This issue arises due to a failure in the access control system. Unauthorized users can view files in channels that they are members of, even if those files have not been linked to a post. This poses a significant risk as sensitive information in unlinked channel files may be exposed. Attackers can exploit this vulnerability to gain insights into confidential data, potentially leading to data breaches. It is essential for users to update their Mattermost installations to the latest, secure versions to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mattermost Server

Affected Vendors

Mattermost, Inc.

Advisories, Assessments, and Mitigations

Back to Vulnerability Database