
Exposure of Sensitive Information to an Unauthorized Actor

CVE-2024-32046

Severity Medium
Score 4.3/10

Summary

Mattermost (github.com/mattermost/mattermost) versions 8.1.0-rc2 through 8.1.11, 9.4.0-rc1 through 9.4.4, 9.5.0-rc1 through 9.5.2, and 9.6.0-rc1 through 9.6.0 fail to remove detailed error messages from API responses even when developer mode is off, which allows an attacker to obtain information about the server, such as the full path where files are stored.
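The defect described above is a missing sanitization step on API error responses. The Go example below is an added illustration, not Mattermost's own code: it assumes a hypothetical AppError type and a developerMode flag, drops the internal detail unless developer mode is on, and includes a coarse path matcher that a regression test can use to catch this class of leak.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// AppError is a hypothetical API error payload (not Mattermost's own type):
// a user-facing message plus an internal detail that may embed server paths.
type AppError struct {
	ID            string `json:"id"`
	Message       string `json:"message"`
	DetailedError string `json:"detailed_error,omitempty"`
	StatusCode    int    `json:"status_code"`
}

// SanitizeForClient returns a copy safe to send to the caller: the internal
// detail survives only when developer mode is enabled.
func SanitizeForClient(e AppError, developerMode bool) AppError {
	if !developerMode {
		e.DetailedError = ""
	}
	return e
}

// EncodeAPIError renders the JSON body a handler would write for the error.
func EncodeAPIError(e AppError, developerMode bool) ([]byte, error) {
	return json.Marshal(SanitizeForClient(e, developerMode))
}

// absPath is a coarse matcher for absolute Unix paths; a regression test can
// use it to assert that production responses never carry filesystem locations.
var absPath = regexp.MustCompile(`/(?:[A-Za-z0-9_.-]+/)+[A-Za-z0-9_.-]*`)

// ContainsServerPath reports whether a response body leaks an absolute path.
func ContainsServerPath(body []byte) bool { return absPath.Match(body) }

func main() {
	// Constructed sample: a file-store error wrapping an OS error that includes a path.
	e := AppError{ID: "api.file.read.app_error", Message: "Unable to read the file.",
		DetailedError: "open /var/lib/app/data/uploads/x.txt: no such file or directory", StatusCode: 500}
	for _, dev := range []bool{false, true} {
		body, _ := EncodeAPIError(e, dev)
		fmt.Printf("developer_mode=%v leaks_path=%v %s\n", dev, ContainsServerPath(body), body)
	}
}
```

With developer mode off the encoded body carries only the generic message and status code; with it on, the wrapped OS error (and its path) is returned, which is the behaviour the advisory says leaked unconditionally in the affected versions.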

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • NONE
  • LOW

CWE-200 - Information Exposure

An information exposure vulnerability is categorized as an information flow (IF) weakness, which can potentially allow unauthorized access to otherwise classified information in the application, such as confidential personal information (demographics, financials, health records, etc.), business secrets, and the application's internal environment.

Advisory Timeline

  • Published