/
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2024-23488

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-23488

CGA ID

CGA-wf4x-qmcx-v3g2

Severity

Unknown

Summary

Mattermost fails to properly restrict the access of files attached to posts

Description

Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled.

References

  • https://images.chainguard.dev/security/CGA-wf4x-qmcx-v3g2
  • https://github.com/advisories/GHSA-xgxj-j98c-59rv
  • https://nvd.nist.gov/vuln/detail/CVE-2024-23488
  • https://github.com/mattermost/mattermost
  • https://mattermost.com/security-updates

Affected packages

Safe Source for Open Source™
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsPricingContact UsOpen SourceCareersNewsroomLegal

Resources

Unchained BlogEventsTrust CenterDocumentation