{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T18:58:32.453","vulnerabilities":[{"cve":{"id":"CVE-2024-42406","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2024-09-26T08:15:05.810","lastModified":"2024-10-01T11:15:48.450","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x <= 9.9.2 and 9.5.x <= 9.5.8 fail to properly authorize requests when viewing archived channels is disabled, which allows an attacker to retrieve post and file information about archived channels. Examples are flagged or unread posts as well as files."},{"lang":"es","value":"Las versiones 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x <= 9.9.2 y 9.5.x <= 9.5.8 de Mattermost no autorizan correctamente las solicitudes cuando la visualización de canales archivados está deshabilitada, lo que permite a un atacante recuperar información de publicaciones y archivos sobre canales archivados. Algunos ejemplos son las publicaciones marcadas o no leídas, así como los archivos."}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"9.5.0","versionEndExcluding":"9.5.9","matchCriteriaId":"BC97EDD1-AD9D-484B-99B0-D49541EFBA52"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"9.9.0","versionEndExcluding":"9.9.3","matchCriteriaId":"20276949-478F-4F2C-9D07-F9B3C04CADD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"9.10.0","versionEndExcluding":"9.10.2","matchCriteriaId":"6AE34CB3-C7F7-4AAD-888E-5057ACBE9BC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:9.11.0:-:*:*:*:*:*:*","matchCriteriaId":"E7436086-F0AC-4AB8-B611-7B8E1AE2E4F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:9.11.0:rc1:*:*:*:*:*:*","matchCriteriaId":"D5310C1D-DA5F-46B5-BA33-F7C3D6A63C2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:9.11.0:rc2:*:*:*:*:*:*","matchCriteriaId":"BCE22F86-00E2-42E0-8343-D3AD818AA943"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:9.11.0:rc3:*:*:*:*:*:*","matchCriteriaId":"641065E7-F36F-42F3-A098-B7131DB0D2F5"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}}]}