CVE-2024-1887

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-1887

Severity

4.3

Medium

CVSS CVSS_V3

Description

Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export.

References

https://images.chainguard.dev/security/CGA-mprf-hmfq-535g
https://github.com/advisories/GHSA-fx48-xv6q-6gp3
https://images.chainguard.dev/security/CGA-9mp5-f5xg-m6ww
https://images.chainguard.dev/security/CGA-pxmc-fp2q-4q6g
https://images.chainguard.dev/security/CGA-ff2q-8jmp-439w
https://images.chainguard.dev/security/CGA-pj2m-wr5m-9q2f
https://images.chainguard.dev/security/CGA-hrxx-r53q-h5xw
https://images.chainguard.dev/security/CGA-9c85-rg9h-4w8m
https://images.chainguard.dev/security/CGA-j532-9xf4-xprj
https://images.chainguard.dev/security/CGA-j786-mchw-g2mp
https://images.chainguard.dev/security/CGA-r2p7-vrvf-3qg9
https://images.chainguard.dev/security/CGA-gm3q-97qq-mwm4
https://images.chainguard.dev/security/CGA-3953-rr93-p22f
https://mattermost.com/security-updates

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

CVE-2024-1887

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources