mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
147 lines
5.8 KiB
JSON
147 lines
5.8 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-1942",
|
|
"ASSIGNER": "responsibledisclosure@mattermost.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.\n\n"
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-284: Improper Access Control",
|
|
"cweId": "CWE-284"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Mattermost",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Mattermost",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"lessThanOrEqual": "9.2.4",
|
|
"status": "affected",
|
|
"version": "9.2.0",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"lessThanOrEqual": "8.1.8",
|
|
"status": "affected",
|
|
"version": "8.1.0",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"status": "affected",
|
|
"version": "9.3.0"
|
|
},
|
|
{
|
|
"status": "unaffected",
|
|
"version": "9.4"
|
|
},
|
|
{
|
|
"status": "unaffected",
|
|
"version": "9.3.1"
|
|
},
|
|
{
|
|
"status": "unaffected",
|
|
"version": "9.2.5"
|
|
},
|
|
{
|
|
"status": "unaffected",
|
|
"version": "8.1.9"
|
|
}
|
|
],
|
|
"defaultStatus": "unaffected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://mattermost.com/security-updates",
|
|
"refsource": "MISC",
|
|
"name": "https://mattermost.com/security-updates"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.1.0-dev"
|
|
},
|
|
"source": {
|
|
"advisory": "MMSA-2023-00283",
|
|
"defect": [
|
|
"https://mattermost.atlassian.net/browse/MM-55495"
|
|
],
|
|
"discovery": "INTERNAL"
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "<p>Update Mattermost Server to versions 9.4, 9.3.1, 9.2.5, 8.1.9 or higher.</p>"
|
|
}
|
|
],
|
|
"value": "Update Mattermost Server to versions 9.4, 9.3.1, 9.2.5, 8.1.9 or higher.\n\n"
|
|
}
|
|
],
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Juho Nurminen"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.3,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "LOW",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |