CVE-2021-37867: Emails of all users are exposed via one of the Boards APIs
First published: Tue Jan 18 2022(Updated: )
Mattermost Boards plugin v0.10.0 and earlier fails to protect email addresses of all users via one of the Boards APIs, which allows authenticated and unauthorized users to access this information resulting in sensitive & private information disclosure.
Credit: responsibledisclosure@mattermost.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mattermost Boards | <=0.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-37867?
CVE-2021-37867 is classified as a medium-severity vulnerability due to the potential for sensitive information disclosure.
How do I fix CVE-2021-37867?
To mitigate CVE-2021-37867, upgrade the Mattermost Boards plugin to version 0.10.1 or later.
Who is affected by CVE-2021-37867?
CVE-2021-37867 affects all users of Mattermost Boards plugin versions 0.10.0 and earlier.
What information is exposed due to CVE-2021-37867?
CVE-2021-37867 allows both authenticated and unauthorized users to access email addresses of all users.
Is there a workaround for CVE-2021-37867 until I can upgrade?
There are no specific workarounds for CVE-2021-37867; the best protection is to upgrade to the fixed version.
- agent/softwarecombine
- agent/references
- agent/title
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mattermost
- canonical/mattermost boards
- version/mattermost boards/0.10.0