Vulnerabilities > Mattermost > Mattermost Server > 9.11.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-26 | CVE-2024-42406 | Unspecified vulnerability in Mattermost Server Mattermost versions 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x <= 9.9.2 and 9.5.x <= 9.5.8 fail to properly authorize requests when viewing archived channels is disabled, which allows an attacker to retrieve post and file information about archived channels. | 5.4 |
| 2024-09-26 | CVE-2024-47003 | Unspecified vulnerability in Mattermost Server Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend. | 6.5 |