Description

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server."

Related CPE's

a

mattermost

mattermost

4

References

https://mattermost.com/security-updates

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-284

[email protected]

Primary
CWE-312

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.3 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-08-22T05:15:03.353Z

1 year ago

Last modified

2024-08-23T14:17:54.027Z

1 year ago