Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-32046

Good to know:

icon

Date: April 26, 2024

Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored

Language: Go

Severity Score

Related Resources (9)

https://github.com/mattermost/mattermost/commit/2a48b5b3428cae494452125401e4f72780543ac8
https://github.com/mattermost/mattermost/commit/c84c25b20c8b8726a2f126ae9370a72498096172
https://nvd.nist.gov/vuln/detail/CVE-2024-32046
https://github.com/mattermost/mattermost
https://github.com/advisories/GHSA-vx97-8q8q-qgq5
https://github.com/mattermost/mattermost/commit/93738756ff79777c6e340c8de63a7b4b0f881d27
https://github.com/mattermost/mattermost/commit/aa222c66b799c12e32eeb8eae6f555bf6140375b
https://mattermost.com/security-updates
https://www.mend.io/vulnerability-database/CVE-2024-32046

Severity Score

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Generation of Error Message Containing Sensitive Information

CWE-209

Top Fix

icon

Upgrade Version

Upgrade to version github.com/mattermost/mattermost-server - v8.1.12;github.com/mattermost/mattermost-server - v9.5.3;github.com/mattermost/mattermost-server - v9.6.1;github.com/mattermost/mattermost-server - v9.4.5;github.com/mattermost/mattermost-server - v8.1.12+incompatible

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): LOW

Do you need more information?

Contact Us