CVE-2024-32046
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-32046
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32046.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-32046
- Aliases
- Published
- 2024-04-26T09:15:12Z
- Modified
- 2025-05-17T14:24:13.218419Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored
- References
Affected packages
Git / github.com/mattermost/mattermost
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mattermost/mattermost
- Events
- Type
- GIT
- Repo
- https://github.com/mattermost/mattermost-server
- Events
Affected versions
@mattermost/client@8.*
@mattermost/client@8.1.1
@mattermost/client@9.*
@mattermost/client@9.4.0
@mattermost/types@8.*
@mattermost/types@8.1.1
@mattermost/types@9.*
@mattermost/types@9.4.0
v8.*
v8.1.0
v8.1.0-rc2
v8.1.1
v8.1.1-rc1
v8.1.1-rc2
v8.1.10
v8.1.10-rc1
v8.1.11
v8.1.11-rc1
v8.1.12-rc1
v8.1.12-rc2
v8.1.12-rc3
v8.1.2
v8.1.2-rc1
v8.1.2-rc2
v8.1.3
v8.1.3-rc1
v8.1.3-rc2
v8.1.4
v8.1.4-rc1
v8.1.4-rc2
v8.1.5
v8.1.5-rc1
v8.1.5-rc2
v8.1.6
v8.1.6-rc1
v8.1.7
v8.1.7-rc1
v8.1.7-rc2
v8.1.7-rc3
v8.1.8
v8.1.8-rc1
v8.1.8-rc2
v8.1.9
v8.1.9-rc1
v8.1.9-rc2
v9.*
v9.4.0
v9.4.0-rc4
v9.4.1
v9.4.2
v9.4.2-rc1
v9.4.2-rc2
v9.4.3
v9.4.3-rc1
v9.4.4
v9.4.4-rc1
v9.4.5-rc1