Lucene search
MattermostCVE-2024-39807HistoryJul 03, 2024 - 9:15 a.m.
CVE-2024-39807
2024-07-0309:15:07
CWE-200
Mattermost
web.nvd.nist.gov
29
mattermost
webhook
leakage
security vulnerability
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
4
Confidence
High
EPSS
0.001
Percentile
17.2%
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a webhook event which allows an attacker monitoring webhook events to retrieve the channel IDs of archived or restored channels.
Affected configurations
Node
mattermostmattermostRange9.5.0–9.5.6
ORmattermostmattermostRange9.8.0–9.8.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mattermost | mattermost | * | cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"status": "affected",
"version": "9.8.0"
},
{
"lessThanOrEqual": "9.5.5",
"status": "affected",
"version": "9.5.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "9.9.0"
},
{
"status": "unaffected",
"version": "9.8.1"
},
{
"status": "unaffected",
"version": "9.5.6"
}
]
}
]References
Related
nvd
nvd
CVE-2024-39807
2024-07-03 09:15:07
osv
osv
CVE-2024-39807
2024-07-03 09:15:07
veracode
veracode
Information Disclosure
2024-07-04 11:10:55
vulnrichment
vulnrichment
cvelist
cvelist
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
4
Confidence
High
EPSS
0.001
Percentile
17.2%
Related for CVE-2024-39807