CVE-2024-1949

A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.

Published: Feb 29, 2024
Updated: May 4, 2025
CVE: CVE-2024-1949
GHSA: GHSA-3g35-v53r-gpxc
Severity: Low
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

CWEs:

CWE-200
CWE-362

Affected Software
References

Software	From	Fixed in
github.com/mattermost/mattermost/server/v8	9.0.0	9.4.2
github.com/mattermost/mattermost/server/v8	-	8.1.9
mattermost / mattermost_server	8.1.0	8.1.9
mattermost / mattermost_server	9.4.0	9.4.2

https://mattermost.com/security-updates

Vulnerability Database

CVE-2024-1949