CVE-2024-32046
EUVD-2024-131326.04.2024, 09:15
Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are storedEnginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost_server | 8.1.0 ≤ 𝑥 < 8.1.12 |
| mattermost | mattermost_server | 9.4.0 ≤ 𝑥 < 9.4.5 |
| mattermost | mattermost_server | 9.5.0 ≤ 𝑥 < 9.5.3 |
| mattermost | mattermost_server | 9.6.0 ≤ 𝑥 < 9.6.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-209 - Generation of Error Message Containing Sensitive InformationThe software generates an error message that includes sensitive information about its environment, users, or associated data.