4 matches found
CVE-2024-52032
Mattermost versions 10.0.x = 10.0.0 and 9.11.x = 9.11.2 fail to properly query ElasticSearch when searching for the channel name in channel switcher which allows an attacker to get private channels names of channels that they are not a member of, when Elasticsearch v8 was enabled...
CVE-2024-52032
creationtimestamp| type| source ---|---|--- 2024-11-09 17:28:19+00:00| seen| https://infosec.exchange/users/cve/statuses/113454173342773017 2024-11-09 19:47:08+00:00| seen| https://t.me/cvedetector/10409...
CVE-2024-52032 Private channel names leaking when Elasticsearch is enabled
Mattermost versions 10.0.x = 10.0.0 and 9.11.x = 9.11.2 fail to properly query ElasticSearch when searching for the channel name in channel switcher which allows an attacker to get private channels names of channels that they are not a member of, when Elasticsearch v8 was enabled...
CVE-2024-52032 Private channel names leaking when Elasticsearch is enabled
Mattermost versions 10.0.x = 10.0.0 and 9.11.x = 9.11.2 fail to properly query ElasticSearch when searching for the channel name in channel switcher which allows an attacker to get private channels names of channels that they are not a member of, when Elasticsearch v8 was enabled...