CVE-2024-39807

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published: Jul 3, 2024
Updated: Jul 5, 2024
CWE ID: 200

Summary

CVE-2024-39807 is a vulnerability affecting Mattermost versions 9.5.x up to 9.5.5 and 9.8.0. Mattermost fails to properly sanitize the recipients of a webhook event, which grants an attacker unauthorized access to the channel IDs of archived or restored channels. This poses a risk of unintended exposure of sensitive information: attackers monitoring webhook events can potentially gain insight into otherwise inaccessible channels, compromising the confidentiality of conversation data. The vulnerability necessitates immediate action, either patching the affected Mattermost instances or implementing alternative security measures to mitigate the risk.
