Lucene search

Redhat.comRH:CVE-2024-32046

HistoryApr 26, 2024 - 11:05 a.m.

CVE-2024-32046

2024-04-2611:05:30

redhat.com

access.redhat.com

mattermost

api

server files

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

4.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

A flaw was found in Mattermost, where it fails to remove detailed error messages in API requests even if the developer mode is off. This flaw allows an attacker to obtain information about the server, such as the full path where files are stored.

References

bugzilla.redhat.com/show_bug.cgi?id=2277327

mattermost.com/security-updates

nvd.nist.gov/vuln/detail/CVE-2024-32046

www.cve.org/CVERecord?id=CVE-2024-32046

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

4.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for RH:CVE-2024-32046