CVE-2024-32939

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server."
References
Link Resource
https://mattermost.com/security-updates Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*

History

23 Aug 2024, 16:17

Type Values Removed Values Added
First Time Mattermost mattermost
Mattermost
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : 3.7
CPE cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
CWE CWE-312
References () https://mattermost.com/security-updates - () https://mattermost.com/security-updates - Vendor Advisory

22 Aug 2024, 12:48

Type Values Removed Values Added
Summary
  • (es) Las versiones de Mattermost 9.9.x &lt;= 9.9.1, 9.5.x &lt;= 9.5.7, 9.10.x &lt;= 9.10.0, 9.8.x &lt;= 9.8.2, cuando los canales compartidos están habilitados, no se pueden redactar las direcciones de correo electrónico originales de los usuarios remotos almacenadas en las propiedades del usuario cuando las direcciones de correo electrónico están configuradas para no ser visibles en el servidor local.

22 Aug 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-22 07:15

Updated : 2024-08-23 16:17


NVD link : CVE-2024-32939

Mitre link : CVE-2024-32939

CVE.ORG link : CVE-2024-32939


JSON object : View

Products Affected

mattermost

  • mattermost
CWE
CWE-312

Cleartext Storage of Sensitive Information

CWE-284

Improper Access Control