Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-32046
Summary
Mattermost (github.com/mattermost/mattermost) versions 8.1.0-rc2 through 8.1.11, 9.4.0-rc1 through 9.4.4, 9.5.0-rc1 through 9.5.2, and 9.6.0-rc1 through 9.6.0 fail to strip detailed error messages from API responses even when developer mode is off. This allows an attacker to obtain information about the server, such as the full filesystem path where files are stored.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- LOW
- NONE
- LOW
CWE-200 - Information Exposure
An information exposure vulnerability is categorized as an information flow (IF) weakness. It can allow unauthorized access to otherwise protected information in the application, such as confidential personal data (demographics, financial details, health records, etc.), business secrets, and details of the application's internal environment.
References
Advisory Timeline
- Published