Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server."
References
History

Fri, 23 Aug 2024 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Mattermost
Mattermost mattermost
Weaknesses CWE-312
CPEs cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
Vendors & Products Mattermost
Mattermost mattermost

Thu, 22 Aug 2024 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 22 Aug 2024 06:45:00 +0000

Type Values Removed Values Added
Description Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server."
Title Email addresses of remote users visible in props regardless of server settings
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2024-08-22T06:29:01.203Z

Updated: 2024-08-22T13:26:55.790Z

Reserved: 2024-08-20T16:09:35.875Z

Link: CVE-2024-32939

cve-icon Vulnrichment

Updated: 2024-08-22T13:26:49.556Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-22T07:15:03.353

Modified: 2024-08-23T16:17:54.027

Link: CVE-2024-32939

cve-icon Redhat

No data.