CVE-2024-32939

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published: Aug 22, 2024
Updated: Aug 23, 2024
CWE ID: 312
CWE ID: 284

Summary

CVE-2024-32939 affects Mattermost versions 9.9.x up to 9.9.1, 9.5.x up to 9.5.7, 9.10.x up to 9.10.0, and 9.8.x up to 9.8.2 when shared channels are enabled. These versions do not properly redact remote users' email addresses in user properties, despite the visibility settings on the local server. The issue is rated medium, with a CVSS base score of 4.3, and could lead to a low confidentiality impact: sensitive email information may be exposed during network interactions, without requiring user interaction or elevated privileges for exploitation. The attack complexity is considered low, which makes the vulnerability easier for potential attackers to exploit if it is not addressed promptly. Organizations using these versions should remediate the vulnerability by updating their Mattermost installations to the latest secure versions, as outlined in the vendor advisories available on Mattermost's security updates page. Failure to remediate this issue may result in unauthorized access to, or exposure of, sensitive user information within an organization's communication platform.
