CVE-2024-52032

Mattermost versions 10.0.x = 10.0.0 and 9.11.x = 9.11.2 fail to properly query ElasticSearch when searching for the channel name in channel switcher which allows an attacker to get private channels names of channels that they are not a member of, when Elasticsearch v8 was enabled...

PT-2024-35098 · Mattermost +1 · Mattermost +1

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.2 Mattermost versions 10.0.x through 10.0.0 Description: The issue arises when searching for channel names in the channel switcher, allowing an attacker to obtain private channel names they are not a...