CVE-2021-37867 MEDIUM

CVE-2021-37867: Emails of all users are exposed via one of the Boards APIs

Vendor Mattermost

Product Mattermost Boards

Weakness CWE-200 · Info exposure

Published January 18, 2022

Last update December 6, 2024

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Mattermost Boards plugin v0.10.0 and earlier fails to protect email addresses of all users via one of the Boards APIs, which allows authenticated and unauthorized users to access this information resulting in sensitive & private information disclosure.

Key dates

02Disclosure timeline

January 18, 2022 CVE published

December 6, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-37867

Related vulnerabilities

04Related CVE

CVE-2025-11697 Studio 5000 ® Simulation Interface Local Code Execution CVE-2024-34684 Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Scheduling) CVE-2023-28857 LDAP password leak in Apereo CAS - GHSL-2023-009 CVE-2024-30381 Paragon Active Assurance: probe_serviced exposes internal objects to local users CVE-2024-8978 Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.9 - Authenticated (Contributor+) Sensitive Information Exposure

Identifiers

CVE CVE-2021-37867

CWE CWE-200

CVSS 4.3 / MEDIUM

Affected versions

Vendor Mattermost

Product Mattermost Boards

Affected ≥ unspecified and ≤ 0.10.0