GSA_kwCzR0hTQS00d3c4LWZwcnEtY3EzNM4AA-4H

Moderate CVSS: 5.3 EPSS: 0.00206% (0.43042 Percentile) EPSS:

Permalink JSON

Mattermost doesn't redact remote users' original email addresses

Affected Packages	Affected Versions	Fixed Versions
go:github.com/mattermost/mattermost/server/v8 PURL: `pkg:go/github.com%2Fmattermost%2Fmattermost%2Fserver%2Fv8`	>= 9.8.0, < 9.8.3, >= 9.10.0, < 9.10.1, >= 9.5.0, < 9.5.8, >= 9.9.0, < 9.9.2	9.8.3, 9.10.1, 9.5.8, 9.9.2
2 Dependent packages 1 Dependent repositories Affected Version Ranges All affected versions All unaffected versions

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server.

References:

Identifiers

GHSA-4ww8-fprq-cq34

CVE-2024-32939

Risk

Severity

Moderate

CVSS

CVSS Score: 5.3

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00206

EPSS Percentile: 0.43042

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

over 1 year ago

Updated

17 days ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories