Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS00d3c4LWZwcnEtY3EzNM4AA-4H

Mattermost doesn't redact remote users' original email addresses

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server.

Permalink: https://github.com/advisories/GHSA-4ww8-fprq-cq34
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00d3c4LWZwcnEtY3EzNM4AA-4H
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 5 months ago
Updated: 5 months ago

CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Percentage: 0.00046
EPSS Percentile: 0.18503

Identifiers: GHSA-4ww8-fprq-cq34, CVE-2024-32939
References:

Blast Radius: 0.0

Affected Packages

go:github.com/mattermost/mattermost/server/v8

Dependent packages: 2
Dependent repositories: 1
Downloads:
Affected Version Ranges: >= 9.8.0, < 9.8.3, >= 9.10.0, < 9.10.1, >= 9.5.0, < 9.5.8, >= 9.9.0, < 9.9.2
Fixed in: 9.8.3, 9.10.1, 9.5.8, 9.9.2
All affected versions:
All unaffected versions: