CVE-2024-29221
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/mattermost/mattermost/server/v8 | >=8.1.0,<8.1.11 | 8.1.11 |
| Go | github.com/mattermost/mattermost/server/v8 | >=9.5.0,<9.5.2 | 9.5.2 |
| Go | github.com/mattermost/mattermost/server/v8 | >=9.4.0,<9.4.4 | 9.4.4 |
| Go | github.com/mattermost/mattermost/server/v8 | >=9.3.0,<9.3.3 | 9.3.3 |
| Go | github.com/mattermost/mattermost-server | >=9.5.0+incompatible,<9.5.2+incompatible | 9.3.3+incompatible |
| Go | github.com/mattermost/mattermost-server/v5 | | |
| Go | github.com/mattermost/mattermost-server/v6 | | |
| Go | github.com/mattermost/mattermost/server/v8 | | |
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-29221
- https://github.com/mattermost/mattermost/commit/0dc03fbc6e3c9afb14137e72ab3fa6f5a0125b9c
- https://github.com/mattermost/mattermost/commit/5cce9fed7363386afebd81a58fb5fab7d2729c8f
- https://github.com/mattermost/mattermost/commit/a5784f34ba6592c6454b8742f24af9d06279e347
- https://github.com/mattermost/mattermost/commit/dd3fe2991a70a41790d6bef5d31afc5957525f3c
- https://github.com/mattermost/mattermost
- https://mattermost.com/security-updates
- https://pkg.go.dev/vuln/GO-2024-2706
- https://github.com/advisories/GHSA-w67v-ph4x-f48q
Verify integrity in audit chain (admin only). AS-IS.