Описание
Mattermost's detailed error messages reveal the full file path
Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-32046
- https://github.com/mattermost/mattermost/commit/2a48b5b3428cae494452125401e4f72780543ac8
- https://github.com/mattermost/mattermost/commit/93738756ff79777c6e340c8de63a7b4b0f881d27
- https://github.com/mattermost/mattermost/commit/aa222c66b799c12e32eeb8eae6f555bf6140375b
- https://github.com/mattermost/mattermost/commit/c84c25b20c8b8726a2f126ae9370a72498096172
- https://mattermost.com/security-updates
Пакеты
github.com/mattermost/mattermost-server
>= 8.1.0, <= 8.1.11
8.1.12
github.com/mattermost/mattermost-server
>= 9.5.0, <= 9.5.2
9.5.3
github.com/mattermost/mattermost-server
>= 9.6.0-rc1, <= 9.6.0
9.6.1
github.com/mattermost/mattermost-server
>= 9.4.0, <= 9.4.4
9.4.5
Связанные уязвимости
Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored
Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored
Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and ...