Headline

GHSA-fx48-xv6q-6gp3: Mattermost post fetching without auditing in compliance export

Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export.

11 months ago

ghsa

Open in Source

#vulnerability #git

- Actions
  
  Automate any workflow
- Packages
  
  Host and manage packages
- Security
  
  Find and fix vulnerabilities
- Codespaces
  
  Instant dev environments
- Copilot
  
  Write better code with AI
- Code review
  
  Manage code changes
- Issues
  
  Plan and track work
- Discussions
  
  Collaborate outside of code

- GitHub Sponsors
  
  Fund open source developers

*   The ReadME Project
    
    GitHub community articles

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

GitHub Advisory Database
GitHub Reviewed
CVE-2024-1887

Mattermost post fetching without auditing in compliance export

Moderate severity GitHub Reviewed Published Feb 29, 2024 to the GitHub Advisory Database • Updated Feb 29, 2024

Package

gomod github.com/mattermost/mattermost/server/v8 (Go)

Affected versions

>= 9.3.0, < 9.3.1

>= 9.2.0, < 9.2.5

< 8.1.9

Patched versions

9.3.1

9.2.5

8.1.9

Description

Published to the GitHub Advisory Database

Feb 29, 2024

Last updated

Feb 29, 2024

ghsa: Latest News

GHSA-wc9m-r3v6-9p5h: Sparkle Signing Checks Bypass

19 hours ago

ghsa

GHSA-w7wm-2425-7p2h: MarbleRun unauthenticated recovery allows Coordinator impersonation

19 hours ago

ghsa

GHSA-mx2j-7cmv-353c: wasmvm: Malicious smart contract can slow down block production

21 hours ago

ghsa

GHSA-23qp-3c2m-xx6w: wasmvm: Malicious smart contract can crash the chain

21 hours ago

ghsa

GHSA-9crc-q9x8-hgqq: Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening

23 hours ago

ghsa