CVE-2024-47145

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-47145

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47145.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-47145

Aliases

BIT-mattermost-2024-47145

Published

2024-09-26T08:15:06.403Z

Modified

2025-11-16T03:51:39.856951Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links.

References

https://mattermost.com/security-updates

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type: GIT
Repo: https://github.com/mattermost/mattermost-server
Events: Introduced

99d819d25d0b16b3faed901b1fe5c41de7655e9c

Fixed

e8de27b043b2971472f30cb2e6c77bf4f8978486

Affected versions

@mattermost/client@9.*

@mattermost/client@9.5.0

@mattermost/types@9.*

@mattermost/types@9.5.0

v9.*

v9.5.0

v9.5.0-rc3

v9.5.1

v9.5.1-rc1

v9.5.2

v9.5.3

v9.5.3-rc1

v9.5.3-rc2

v9.5.3-rc3

v9.5.4

v9.5.4-rc1

v9.5.4-rc2

v9.5.5

v9.5.5-rc1

v9.5.6

v9.5.6-rc1

v9.5.6-rc2

v9.5.7

v9.5.7-rc1

v9.5.7-rc2

v9.5.7-rc3

v9.5.8

v9.5.8-rc1

v9.5.8-rc2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47145.json"