CVE-2024-1887: Mattermost post fetching without auditing in compliance export

February 29, 2024 (updated November 18, 2024)

Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export.

References

github.com/advisories/GHSA-fx48-xv6q-6gp3
github.com/mattermost/mattermost
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2024-1887

Code Behaviors & Features

Detect and mitigate CVE-2024-1887 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →