- Description
- A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.
- Source
- responsibledisclosure@mattermost.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 2.6
- Impact score
- 1.4
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
- Severity
- LOW
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7D16EAB8-89FC-4745-8C40-CC83EE7A42EE",
"versionEndExcluding": "8.1.9",
"versionStartIncluding": "8.1.0"
},
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9B3CC387-1591-408A-A136-9B5B4C921223",
"versionEndExcluding": "9.4.2",
"versionStartIncluding": "9.4.0"
}
],
"operator": "OR"
}
]
}
]