Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-4ww8-fprq-cq34: Mattermost doesn't redact remote users' original email addresses

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users’ original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server.

ghsa
Open in Source
#git
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2024-32939

Mattermost doesn’t redact remote users’ original email addresses

Moderate severity GitHub Reviewed Published Aug 22, 2024 to the GitHub Advisory Database • Updated Aug 23, 2024

Package

gomod github.com/mattermost/mattermost/server/v8 (Go)

Affected versions

>= 9.9.0, < 9.9.2

>= 9.5.0, < 9.5.8

>= 9.10.0, < 9.10.1

>= 9.8.0, < 9.8.3

Patched versions

9.9.2

9.5.8

9.10.1

9.8.3

Published to the GitHub Advisory Database

Aug 22, 2024

Last updated

Aug 23, 2024

ghsa: Latest News

GHSA-486g-47cc-8wxf: aiocpa contains credential harvesting code
ghsa