CVE-2024-1949
Mattermost race condition in github.com/mattermost/mattermost-server
Severity: LOW (CVSS 3.1 base score 2.6); EPSS 0.27%
Description
A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.
How to fix CVE-2024-1949
To remediate CVE-2024-1949, upgrade the affected package to one of the fixed versions listed below. Entries marked "no fix listed" have no patched version recorded; the affected ranges for those entries start from version 0 (see "Affected packages").
- — upgrade to 8.1.9 or later
- — upgrade to 9.4.2+incompatible or later
- — no fix listed
- — no fix listed
- — upgrade to 9.4.2 or later
- — no fix listed
Is CVE-2024-1949 being exploited?
Low — EPSS is 0.3% (0.27%), meaning exploitation activity has not been observed at scale.
Affected packages (6)
- >= 8.1.0, < 8.1.9, >= 9.4.0, < 9.4.2
- >= 9.0.0+incompatible, < 9.4.2+incompatible
- from 0
- from 0
- >= 9.0.0, < 9.4.2
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | LOW 2.6 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N |