Mattermost Private Channel Data Filtering Vulnerability
CVE-2024-10241

4.3MEDIUM

Key Information:

Vendor: Mattermost
Status: Mattermost
Vendor: CVE Published:; 29 October 2024

Summary

Mattermost versions 9.5.x <= 9.5.9 fail to properly filter the channel data when ElasticSearch is enabled which allows a user to get private channel names by using cmd+K/ctrl+K.

Affected Version(s)

Mattermost 9.5.0 <= 9.5.9

Mattermost 9.8.0

Mattermost 9.5.10

References

https://mattermost.com/security-updates

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 29, 2024
Vulnerability Reserved
Oct 22, 2024

Credit

Juho Nurminen