Security Advisory

CVE-2024-1952

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-02-29 10:42:15

Last updated 2025-04-22 15:52:35

Assigner Mattermost

State PUBLISHED

Description

Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts contents in channels they are not a member of.

← Browse all CVEs View on cve.org ↗