Veracode Vulnerability Database: VERACODE:46673
History: Apr 29, 2024 - 12:15 p.m.

Sensitive Information Disclosure

2024-04-29 12:15:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
sensitive information
disclosure
mattermost-server

CVSS3: 4.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score: 6.2 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.2%)

github.com/mattermost/mattermost-server is vulnerable to Sensitive Information Disclosure. The vulnerability is due to a failure to remove detailed error messages in API requests, even when developer mode is off, allowing attackers to obtain sensitive server information such as file paths.
