4.3
CVE-2024-32046
- EPSS 0.1%
- Published 26.04.2024 09:15:12
- Last modified 12.05.2025 13:39:45
- Source responsibledisclosure@mattermo
Detailed error discloses full file path with dev mode off
Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off, which allows an attacker to get information about the server such as the full path where files are stored.
Data provided by the National Vulnerability Database (NVD)
Mattermost ≫ Mattermost Server Version >= 8.1.0 < 8.1.12
Mattermost ≫ Mattermost Server Version >= 9.4.0 < 9.4.5
Mattermost ≫ Mattermost Server Version >= 9.5.0 < 9.5.3
Mattermost ≫ Mattermost Server Version >= 9.6.0 < 9.6.1
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.274 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| responsibledisclosure@mattermost.com | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-209 Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.