CVE-2024-1887

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-1887

Severity

4.3

Medium

CVSS V3

Description

Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export.

References

https://images.chainguard.dev/security/CGA-mprf-hmfq-535g
https://github.com/advisories/GHSA-fx48-xv6q-6gp3
https://images.chainguard.dev/security/CGA-9mp5-f5xg-m6ww
https://images.chainguard.dev/security/CGA-pxmc-fp2q-4q6g
https://images.chainguard.dev/security/CGA-ff2q-8jmp-439w
https://images.chainguard.dev/security/CGA-pj2m-wr5m-9q2f
https://images.chainguard.dev/security/CGA-h598-9mvg-jmw9
https://images.chainguard.dev/security/CGA-9c85-rg9h-4w8m
https://images.chainguard.dev/security/CGA-j532-9xf4-xprj
https://images.chainguard.dev/security/CGA-j786-mchw-g2mp
https://images.chainguard.dev/security/CGA-r2p7-vrvf-3qg9
https://images.chainguard.dev/security/CGA-gm3q-97qq-mwm4
https://images.chainguard.dev/security/CGA-3953-rr93-p22f
https://mattermost.com/security-updates

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal