CVE-2024-39830 Information

Description

Mattermost versions 9.8.x <= 9.8.0 9.7.x <= 9.7.4 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5 when shared channels are enabled fail to use constant time comparison for remote cluster tokens which allows an attacker to retrieve the remote cluster token via a timing attack during remote cluster token comparison.

Reference

https://mattermost.com/security-updates