← Back to CVEs
CVE-2024-23488
LOW3.1
Description
Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled.
CVE Details
CVSS v3.1 Score3.1
SeverityLOW
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredLOW
User InteractionNONE
Published2/29/2024
Last Modified5/12/2025
Sourcenvd
Honeypot Sightings0
Affected Products
mattermost:mattermost_server
Weaknesses (CWE)
CWE-284
References
https://mattermost.com/security-updates(responsibledisclosure@mattermost.com)
https://mattermost.com/security-updates(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.