CVE-2024-1887

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-1887

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1887.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-1887

Aliases

Related

CGA-5vm5-h4p8-9rgx

Published

2024-02-29T08:05:29.776Z

Modified

2026-05-28T04:09:25.796868506Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

Public channel post content accessible without membership when compliance export is enabled

Details

Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/1xxx/CVE-2024-1887.json",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "8.1.8"
                },
                {
                    "last_affected": "9.2.4"
                },
                {
                    "last_affected": "9.3.0"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cwe_ids": [
        "CWE-284"
    ],
    "cna_assigner": "Mattermost"
}

References

Affected packages

Git / github.com/mattermost/mattermost

Affected ranges

Type

GIT

Repo

https://github.com/mattermost/mattermost

Events

Introduced

Fixed

4c83724516242843802cc75840b08ead6afbd37b

Introduced

b47be1c0f5787562ddf430dd5c5b8b3c35748b06

Fixed

cf3252f5bf7a8ecd29403c873b05c70c3b20e920

Introduced

7bf5dcb8fb7f05db9a7a6a9be608ac0fe1405351

Fixed

d60d75b3f5755ac1be0d5ca2cce75e775d1a4a95

Database specific

{
    "cpe": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.1.9"
        },
        {
            "introduced": "9.2.0"
        },
        {
            "fixed": "9.2.5"
        },
        {
            "introduced": "9.3.0"
        },
        {
            "fixed": "9.3.1"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

@mattermost/client@8.*

@mattermost/client@8.1.1

@mattermost/client@9.*

@mattermost/client@9.2.0

@mattermost/client@9.3.0

@mattermost/types@8.*

@mattermost/types@8.1.1

@mattermost/types@9.*

@mattermost/types@9.2.0

@mattermost/types@9.3.0

Other

cloud-2022-07-20-1

cloud-2022-08-10-1

cloud-2022-09-08-1

cloud-2022-10-06-1

cloud-2022-11-11-1

cloud-2022-11-24-1

cloud-2023-07-26-1

server/public/v0.*

server/public/v0.0.5

v0.*

v0.5.0

v4.*

v4.10.0-rc1

v4.2.0-rc1

v4.3.0-rc1

v4.4.0-rc1

v4.5.0-rc1

v4.6.0-rc1

v4.6.0-rc2

v4.7.0-rc1

v4.8.0-rc1

v4.9.0-rc1

v5.*

v5.0.0-rc1

v5.1.0-rc1

v5.2.0-rc1

v5.2.0-rc2

v8.*

v8.1.0

v8.1.0-rc2

v8.1.1

v8.1.1-rc1

v8.1.1-rc2

v8.1.2

v8.1.2-rc1

v8.1.2-rc2

v8.1.3

v8.1.3-rc1

v8.1.3-rc2

v8.1.4

v8.1.4-rc1

v8.1.4-rc2

v8.1.5

v8.1.5-rc1

v8.1.5-rc2

v8.1.6

v8.1.6-rc1

v8.1.7

v8.1.7-rc1

v8.1.7-rc2

v8.1.7-rc3

v8.1.8

v8.1.8-rc1

v8.1.8-rc2

v8.1.9-rc1

v8.1.9-rc2

v9.*

v9.2.0

v9.2.0-rc2

v9.2.1

v9.2.2

v9.2.3

v9.2.3-rc1

v9.2.4

v9.2.4-rc1

v9.2.5-rc1

v9.2.5-rc2

v9.3.0

v9.3.0-rc2

v9.3.1-rc1

v9.3.1-rc2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1887.json"