CVE-2024-39353
CVSS 3.1 Score 2.7 of 10 (low)
Details
Summary
CVE-2024-39353 is a vulnerability affecting Mattermost versions 9.5.x up to 9.5.5 and 9.8.0. Mattermost fails to sanitize RemoteClusterFrame payloads before logging them, so an attacker with high privileges who has access to the audit logs can read message contents directly from the logs. This security flaw poses a significant risk as audit logs often contain sensitive information, potentially leading to data breaches. Users are advised to upgrade their Mattermost servers to the latest version to mitigate this vulnerability.
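The class of flaw described above, shown as an added example that is not Mattermost's code: an audit record that serializes a whole frame next to one that keeps only routing metadata. The struct shapes, field names, function names and sample values are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Simplified stand-ins for a remote-cluster frame (assumed shape, not Mattermost source).
type RemoteClusterMsg struct {
	ID      string          `json:"id"`
	Topic   string          `json:"topic"`
	Payload json.RawMessage `json:"payload"` // carries message contents
}

type RemoteClusterFrame struct {
	RemoteID string           `json:"remote_id"`
	Msg      RemoteClusterMsg `json:"msg"`
}

// auditUnsafe serializes the whole frame, so the payload lands in the audit log.
func auditUnsafe(f RemoteClusterFrame) string {
	b, _ := json.Marshal(map[string]any{"event": "remote_cluster_frame", "frame": f})
	return string(b)
}

// auditSanitized records only routing metadata and the payload size, never the payload.
func auditSanitized(f RemoteClusterFrame) string {
	b, _ := json.Marshal(map[string]any{
		"event": "remote_cluster_frame",
		"frame": map[string]any{
			"remote_id":     f.RemoteID,
			"msg_id":        f.Msg.ID,
			"msg_topic":     f.Msg.Topic,
			"payload_bytes": len(f.Msg.Payload),
		},
	})
	return string(b)
}

// sampleFrame returns a constructed frame; every value here is made up.
func sampleFrame() RemoteClusterFrame {
	payload := json.RawMessage(`{"posts":[{"message":"quarterly numbers attached"}]}`)
	return RemoteClusterFrame{RemoteID: "remote-1", Msg: RemoteClusterMsg{ID: "m1", Topic: "sharedchannel_sync", Payload: payload}}
}

func main() {
	fmt.Println("unsafe:   ", auditUnsafe(sampleFrame()))
	fmt.Println("sanitized:", auditSanitized(sampleFrame()))
}
```

The same comparison works as a log review check: after upgrading, audit entries for remote-cluster frames should carry identifiers and sizes only, with no message text.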
Affected Vendors
- Mattermost, Inc.