Описание
Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored
A flaw was found in Mattermost, where it fails to remove detailed error messages in API requests even if the developer mode is off. This flaw allows an attacker to obtain information about the server, such as the full path where files are stored.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/acm-grafana-rhel8 | Fix deferred | ||
| Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-docs-rhel8 | Fix deferred | ||
| Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-main-rhel8 | Fix deferred | ||
| Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-rhel8-operator | Fix deferred | ||
| Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-roxctl-rhel8 | Fix deferred | ||
| Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-scanner-db-rhel8 | Fix deferred | ||
| Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-scanner-rhel8 | Fix deferred | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-grafana | Not affected |
Показывать по
Дополнительная информация
Статус:
4.3 Medium
CVSS3
Связанные уязвимости
Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored
Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and ...
Mattermost's detailed error messages reveal the full file path
4.3 Medium
CVSS3