CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-52032

Mattermost versions 10.0.x <= 10.0.0 and 9.11.x <= 9.11.2 fail to properly query ElasticSearch when searching for the channel name in channel switcher which allows an attacker to get private channels names of channels that they are not a member of, when Elasticsearch v8 was enabled.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.4%

CVSS Severity

CVSS v3 Score 4.3

References

https://mattermost.com/security-updates

Products affected by CVE-2024-52032

Mattermost » Mattermost Server » Version: 10.0.0

cpe:2.3:a:mattermost:mattermost_server:10.0.0
Mattermost » Mattermost Server » Version: 9.11.0

cpe:2.3:a:mattermost:mattermost_server:9.11.0
Mattermost » Mattermost Server » Version: 9.11.1

cpe:2.3:a:mattermost:mattermost_server:9.11.1
Mattermost » Mattermost Server » Version: 9.11.2

cpe:2.3:a:mattermost:mattermost_server:9.11.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-52032

Products

Pricing

Contact Us