Vulnerability Details CVE-2024-32046
Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.8%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2024-32046
-
cpe:2.3:a:mattermost:mattermost_server:8.1.0
-
cpe:2.3:a:mattermost:mattermost_server:8.1.1
-
cpe:2.3:a:mattermost:mattermost_server:8.1.10
-
cpe:2.3:a:mattermost:mattermost_server:8.1.11
-
cpe:2.3:a:mattermost:mattermost_server:8.1.2
-
cpe:2.3:a:mattermost:mattermost_server:8.1.3
-
cpe:2.3:a:mattermost:mattermost_server:8.1.4
-
cpe:2.3:a:mattermost:mattermost_server:8.1.5
-
cpe:2.3:a:mattermost:mattermost_server:8.1.6
-
cpe:2.3:a:mattermost:mattermost_server:8.1.7
-
cpe:2.3:a:mattermost:mattermost_server:8.1.8
-
cpe:2.3:a:mattermost:mattermost_server:8.1.9
-
cpe:2.3:a:mattermost:mattermost_server:9.4.0
-
cpe:2.3:a:mattermost:mattermost_server:9.4.1
-
cpe:2.3:a:mattermost:mattermost_server:9.4.2
-
cpe:2.3:a:mattermost:mattermost_server:9.4.3
-
cpe:2.3:a:mattermost:mattermost_server:9.4.4
-
cpe:2.3:a:mattermost:mattermost_server:9.5.0
-
cpe:2.3:a:mattermost:mattermost_server:9.5.1
-
cpe:2.3:a:mattermost:mattermost_server:9.5.2
-
cpe:2.3:a:mattermost:mattermost_server:9.6.0