CVE-2024-32939

Summary

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server."

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost9.9.0 <= 9.9.1affected
MattermostMattermost9.5.0 <= 9.5.7affected
MattermostMattermost9.10.0affected
MattermostMattermost9.8.0 <= 9.8.2affected
MattermostMattermost9.11.0unaffected
MattermostMattermost9.9.2unaffected
MattermostMattermost9.5.8unaffected
MattermostMattermost9.10.1unaffected
MattermostMattermost9.8.3unaffected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References