CVE-2024-32046
CVSS V2 None
CVSS V3 None
Description
Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored
Overview
- CVE ID
- CVE-2024-32046
- Assigner
- Mattermost
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-04-26T08:24:50.696Z
- Last Modified Date
- 2024-06-04T17:50:31.884Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://mattermost.com/security-updates |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-32046 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32046 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 08:31:30 | Added to TrackCVE |