Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12eDk3LThxOHEtcWdxNc4AA7VB
Mattermost's detailed error messages reveal the full file path
Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored
Permalink: https://github.com/advisories/GHSA-vx97-8q8q-qgq5JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12eDk3LThxOHEtcWdxNc4AA7VB
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 13 days ago
Updated: 13 days ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Identifiers: GHSA-vx97-8q8q-qgq5, CVE-2024-32046
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-32046
- https://mattermost.com/security-updates
- https://github.com/mattermost/mattermost/commit/2a48b5b3428cae494452125401e4f72780543ac8
- https://github.com/mattermost/mattermost/commit/93738756ff79777c6e340c8de63a7b4b0f881d27
- https://github.com/mattermost/mattermost/commit/aa222c66b799c12e32eeb8eae6f555bf6140375b
- https://github.com/mattermost/mattermost/commit/c84c25b20c8b8726a2f126ae9370a72498096172
- https://github.com/advisories/GHSA-vx97-8q8q-qgq5
Blast Radius: 9.0
Affected Packages
go:github.com/mattermost/mattermost-server
Dependent packages: 131Dependent repositories: 122
Downloads:
Affected Version Ranges: >= 9.4.0, <= 9.4.4, >= 9.6.0-rc1, <= 9.6.0, >= 9.5.0, <= 9.5.2, >= 8.1.0, <= 8.1.11
Fixed in: 9.4.5, 9.6.1, 9.5.3, 8.1.12
All affected versions: 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.9, 9.4.0, 9.4.1, 9.4.2, 9.4.3, 9.4.4, 9.5.0, 9.5.1, 9.5.2, 9.6.0, 9.6.0-rc1, 9.6.0-rc2, 9.6.0-rc3
All unaffected versions: 0.5.0, 0.6.0, 1.0.0, 1.1.0, 1.1.1, 1.2.1, 1.3.0, 1.4.0, 2.0.0, 2.1.0, 2.2.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.1.0, 3.2.0, 3.3.0, 3.4.0, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.6.6, 3.6.7, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.7.5, 3.7.6, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.9.0, 3.9.1, 3.9.2, 3.10.0, 3.10.1, 3.10.2, 3.10.3, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.1.0, 4.1.1, 4.1.2, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.5.0, 4.5.1, 4.5.2, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.8.0, 4.8.1, 4.8.2, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.5, 4.10.6, 4.10.7, 4.10.8, 4.10.9, 4.10.10, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 5.4.0, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.7.0, 5.7.1, 5.7.2, 5.7.3, 5.8.0, 5.8.1, 5.8.2, 5.9.0, 5.9.1, 5.9.2, 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.10.0, 5.10.1, 5.10.2, 5.11.0, 5.11.1, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.4.5, 9.5.3, 9.6.1