CVE-2024-1949
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-1949
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1949.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-1949
- Aliases
- Related
- Published
- 2024-02-29T11:15:08Z
- Modified
- 2025-01-08T15:33:27.146319Z
- Severity
-
- 2.6 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.
- References
Affected packages
Git / github.com/mattermost/mattermost
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mattermost/mattermost
- Events
- Type
- GIT
- Repo
- https://github.com/mattermost/mattermost-server
- Events
Affected versions
@mattermost/client@8.*
@mattermost/client@8.1.1
@mattermost/client@9.*
@mattermost/client@9.4.0
@mattermost/types@8.*
@mattermost/types@8.1.1
@mattermost/types@9.*
@mattermost/types@9.4.0
v8.*
v8.1.0
v8.1.0-rc2
v8.1.1
v8.1.1-rc1
v8.1.1-rc2
v8.1.2
v8.1.2-rc1
v8.1.2-rc2
v8.1.3
v8.1.3-rc1
v8.1.3-rc2
v8.1.4
v8.1.4-rc1
v8.1.4-rc2
v8.1.5
v8.1.5-rc1
v8.1.5-rc2
v8.1.6
v8.1.6-rc1
v8.1.7
v8.1.7-rc1
v8.1.7-rc2
v8.1.7-rc3
v8.1.8
v8.1.8-rc1
v8.1.8-rc2
v8.1.9-rc1
v8.1.9-rc2
v9.*
v9.4.0
v9.4.0-rc4
v9.4.1
v9.4.2-rc1