Lucene search
GoogleOSV:CVE-2024-39807HistoryJul 03, 2024 - 9:15 a.m.
CVE-2024-39807
2024-07-0309:15:07
Google
osv.dev
2
mattermost
webhook
vulnerability
channel ids
software
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
6.8
Confidence
High
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a webhook event which allows an attacker monitoring webhook events to retrieve the channel IDs of archived or restored channels.
References
Related
nvd
nvd
CVE-2024-39807
2024-07-03 09:15:07
veracode
veracode
Information Disclosure
2024-07-04 11:10:55
cve
cve
CVE-2024-39807
2024-07-03 09:15:07
vulnrichment
vulnrichment
cvelist
cvelist
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
6.8
Confidence
High
Related for OSV:CVE-2024-39807