CVE-2024-47145
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-47145 is a vulnerability in Mattermost versions 9.5.x up to and including 9.5.8, in which inadequate authorization allows attackers to access archived channel content even when visibility of archived channels is restricted. Sensitive posts and files can be exposed through unprotected file links, which is a confidentiality risk for organizations running the affected versions. To remediate, upgrade to a patched version of Mattermost that addresses this authorization flaw. The vulnerability is rated medium severity with a score of 4.3, reflecting a moderate level of risk: exploitation requires low privileges and no user interaction. For further information and updates, see the Mattermost security updates page.