Описание
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 5.12.0 (включая) до 7.7.0 (исключая)
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00224
Низкий
2.7 Low
CVSS3
Дефекты
CWE-200
CWE-200
Связанные уязвимости
CVSS3: 2.7
debian
почти 3 года назад
Mattermost fails to honor the ShowEmailAddress setting when constructi ...
CVSS3: 2.7
github
почти 3 года назад
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
EPSS
Процентиль: 45%
0.00224
Низкий
2.7 Low
CVSS3
Дефекты
CWE-200
CWE-200