Bug 2277327 (CVE-2024-32046)
Summary: | CVE-2024-32046 mattermost: allows an attacker to get information about the server such as the full path where files are stored | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Rohit Keshri <rkeshri> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | dfreiber, drow, gparvin, jburrell, lbainbri, njean, owatkins, pahickey, rhaigner, sidakwo, vkumar |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | --- | |
Doc Text: | A flaw was found in Mattermost, where it fails to remove detailed error messages in API requests even if the developer mode is off. This flaw allows an attacker to obtain information about the server, such as the full path where files are stored. |
Bug Depends On: | 2277328, 2277329 | ||
Bug Blocks: | 2277330 |
Description
Rohit Keshri
2024-04-26 11:01:31 UTC
Created purple-mattermost tracking bugs for this issue:
Affects: epel-all [bug 2277328]
Affects: fedora-all [bug 2277329]