CVE-2024-1949
Published Feb 29, 2024
Last updated 9 months ago
Overview
- Description
- A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.
- Source
- responsibledisclosure@mattermost.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 2.6
- Impact score
- 1.4
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
- Severity
- LOW
Weaknesses
- responsibledisclosure@mattermost.com
- CWE-200
Social media
- Hype score
- Not currently trending