CVE-2024-32939
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-32939 affects Mattermost versions 9.9.x up to 9.9.1, 9.5.x up to 9.5.7, 9.10.x up to 9.10.0, and 9.8.x up to 9.8.2. When shared channels are enabled, these versions do not properly redact remote users' email addresses in user properties, despite the visibility settings on the local server. The issue is rated medium severity, with a CVSS base score of 4.3. The confidentiality impact is low: email addresses may be exposed during network interactions, and exploitation requires neither user interaction nor elevated privileges. The attack complexity is considered low, which makes the vulnerability easier to exploit if it is not addressed promptly. Organizations running these versions should remediate by updating their Mattermost installations to the latest secure versions, as outlined in the vendor advisories on Mattermost's security updates page. Failure to remediate may result in unauthorized access to, or exposure of, sensitive user information within an organization's communication platform.