Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-52032

Mattermost versions 10.0.x <= 10.0.0 and 9.11.x <= 9.11.2 fail to properly query ElasticSearch when searching for the channel name in channel switcher which allows an attacker to get private channels names of channels that they are not a member of, when Elasticsearch v8 was enabled.

Published

2024-11-09T18:15:15.203

Last Modified

2024-11-14T16:47:21.583

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-200
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mattermost	mattermost_server	< 9.11.3	Yes
Application	mattermost	mattermost_server	10.0.0	Yes
Application	mattermost	mattermost_server	10.0.0	Yes
Application	mattermost	mattermost_server	10.0.0	Yes
Application	mattermost	mattermost_server	10.0.0	Yes
Application	mattermost	mattermost_server	10.0.0	Yes

References

https://mattermost.com/security-updates Vendor Advisory ([email protected])