Mattermost doesn't redact remote users' original email addresses

GHSA-4ww8-fprq-cq34 · CVE-2024-32939 · GO-2024-3093

Published Aug 22, 2024 · Modified Aug 30, 2024

Description

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-32939
PACKAGE https://github.com/mattermost/mattermost
WEB https://mattermost.com/security-updates

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes