4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%
The version of Mattermost Server installed on the remote host is prior to 8.1.9, 9.2.5, 9.3.1, or 9.4.2, 9.5.0. It is, therefore, affected by multiple vulnerabilities as referenced in the MMSA-2023-00285 advisory.
Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export. (CVE-2024-1887)
Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the Allow users to view archived channels option is disabled. (CVE-2024-23488)
Note that Nessus has not tested for these issues but has instead relied only on the applicationβs self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(191689);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");
script_cve_id("CVE-2024-1887", "CVE-2024-23488");
script_xref(name:"IAVA", value:"2024-A-0127-S");
script_name(english:"Mattermost Server < 8.1.9 / 9.2.x < 9.2.5 / 9.3.x < 9.3.1 / 9.4.x < 9.4.2, 9.5.0 Multiple Vulnerabilities (MMSA-2023-00285)");
script_set_attribute(attribute:"synopsis", value:
"The remote host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The version of Mattermost Server installed on the remote host is prior to 8.1.9, 9.2.5, 9.3.1, or 9.4.2, 9.5.0. It is,
therefore, affected by multiple vulnerabilities as referenced in the MMSA-2023-00285 advisory.
- Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing
a user that is not a member of the public channel to fetch the posts, which will not be audited in the
compliance export. (CVE-2024-1887)
- Mattermost fails to properly restrict the access of files attached to posts in an archived channel,
resulting in members being able to access files of archived channels even if the Allow users to view
archived channels option is disabled. (CVE-2024-23488)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://mattermost.com/security-updates/");
script_set_attribute(attribute:"solution", value:
"Upgrade to Mattermost Server version 8.1.9 / 9.2.5 / 9.3.1 / 9.4.2, 9.5.0 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-1887");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/29");
script_set_attribute(attribute:"patch_publication_date", value:"2024/01/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mattermost:mattermost_server");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("mattermost_server_detect.nbin");
script_require_keys("installed_sw/Mattermost Server");
exit(0);
}
include('vcf.inc');
include('http.inc');
var port = get_http_port(default:80);
var app_info = vcf::get_app_info(app:'Mattermost Server', port:port, webapp:TRUE);
var constraints = [
{ 'min_version' : '0.0', 'fixed_version' : '8.1.9' },
{ 'min_version' : '9.2.0', 'fixed_version' : '9.2.5' },
{ 'min_version' : '9.3.0', 'fixed_version' : '9.3.1' },
{ 'min_version' : '9.4.0', 'fixed_version' : '9.4.2', 'fixed_display' : '9.4.2, 9.5.0' }
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_WARNING
);
Vendor | Product | Version | CPE |
---|---|---|---|
mattermost | mattermost_server | cpe:/a:mattermost:mattermost_server |
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%