Home > Vulnerability Database > CVE-2024-23488

Mend.io Vulnerability Database

CVE-2024-23488

Good to know:

Date: February 29, 2024

Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled.

Language: Go

Severity Score

5.5

Related Resources (3)

Url: https://mattermost.com/security-updates

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-23488

Url: https://www.mend.io/vulnerability-database/CVE-2024-23488

Severity Score

5.5

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version v8.1.9,v9.4.2,v9.5.0

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-23488

Good to know:

Date: February 29, 2024

Language: Go

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?