CVE-2024-39807
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-39807 is a vulnerability affecting Mattermost versions 9.5.x up to 9.5.5 and 9.8.0. Affected versions fail to properly sanitize the recipients of a webhook event, which grants an attacker unauthorized access to the channel IDs of archived or restored channels. The result is unintended exposure of sensitive information: attackers monitoring webhook events can potentially gain insight into otherwise inaccessible channels, compromising the confidentiality of conversation data. The vulnerability necessitates immediate action: patch the affected Mattermost instances or implement alternative security measures to mitigate the risk.
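To make "sanitizing the recipients" concrete, here is an added example (not Mattermost code and not from this advisory): a simplified Go model in which an archive event goes either to every subscriber or only to channel members, plus a check that lists non-member recipients. The types, user names and channel ID are constructed, and filtering by channel membership is an assumed policy.

```go
package main

import "fmt"

// Event is a simplified archive/restore notification (constructed model, not Mattermost's types).
type Event struct{ Type, ChannelID string }

// Server holds channel membership and the users subscribed to events.
type Server struct {
	Members     map[string]map[string]bool // channelID -> userID -> is member
	Subscribers []string
}

// pick returns the users whose membership in the event's channel equals member.
func (s *Server) pick(ev Event, users []string, member bool) []string {
	var out []string
	for _, u := range users {
		if s.Members[ev.ChannelID][u] == member {
			out = append(out, u)
		}
	}
	return out
}

// RecipientsUnsanitized models the flaw: every subscriber gets the event,
// so users outside the channel learn its ID.
func (s *Server) RecipientsUnsanitized(ev Event) []string { return s.Subscribers }

// RecipientsSanitized delivers only to channel members (assumed policy).
func (s *Server) RecipientsSanitized(ev Event) []string { return s.pick(ev, s.Subscribers, true) }

// Leaked lists recipients who are not members; a regression test expects none.
func (s *Server) Leaked(ev Event, rcpt []string) []string { return s.pick(ev, rcpt, false) }

// demoServer builds constructed sample data: one private channel, two subscribers.
func demoServer() *Server {
	return &Server{
		Members:     map[string]map[string]bool{"ch-private-1": {"alice": true}},
		Subscribers: []string{"alice", "outsider"},
	}
}

func main() {
	s, ev := demoServer(), Event{Type: "channel_archived", ChannelID: "ch-private-1"}
	fmt.Println("unsanitized leak:", s.Leaked(ev, s.RecipientsUnsanitized(ev)))
	fmt.Println("sanitized leak:  ", s.Leaked(ev, s.RecipientsSanitized(ev)))
}
```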
Affected Vendors
- Mattermost, Inc.