CVE-2024-42406

{"id": "CVE-2024-42406", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "responsibledisclosure@mattermost.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2024-09-26T08:15:05.810", "references": [{"url": "https://mattermost.com/security-updates", "tags": ["Vendor Advisory"], "source": "responsibledisclosure@mattermost.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "responsibledisclosure@mattermost.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Mattermost versions 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x <= 9.9.2 and 9.5.x <= 9.5.8 fail to properly authorize requests when viewing archived channels is disabled, which allows\u00a0an attacker to retrieve post and file information about archived channels. Examples are flagged or unread posts as well as files."}, {"lang": "es", "value": "Las versiones 9.11.x &lt;= 9.11.0, 9.10.x &lt;= 9.10.1, 9.9.x &lt;= 9.9.2 y 9.5.x &lt;= 9.5.8 de Mattermost no autorizan correctamente las solicitudes cuando la visualizaci\u00f3n de canales archivados est\u00e1 deshabilitada, lo que permite a un atacante recuperar informaci\u00f3n de publicaciones y archivos sobre canales archivados. Algunos ejemplos son las publicaciones marcadas o no le\u00eddas, as\u00ed como los archivos."}], "lastModified": "2024-10-01T11:15:48.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC97EDD1-AD9D-484B-99B0-D49541EFBA52", "versionEndExcluding": "9.5.9", "versionStartIncluding": "9.5.0"}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20276949-478F-4F2C-9D07-F9B3C04CADD9", "versionEndExcluding": "9.9.3", "versionStartIncluding": "9.9.0"}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AE34CB3-C7F7-4AAD-888E-5057ACBE9BC4", "versionEndExcluding": "9.10.2", "versionStartIncluding": "9.10.0"}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:9.11.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7436086-F0AC-4AB8-B611-7B8E1AE2E4F9"}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:9.11.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5310C1D-DA5F-46B5-BA33-F7C3D6A63C2F"}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:9.11.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCE22F86-00E2-42E0-8343-D3AD818AA943"}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:9.11.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "641065E7-F36F-42F3-A098-B7131DB0D2F5"}], "operator": "OR"}]}], "sourceIdentifier": "responsibledisclosure@mattermost.com"}