BIT-mattermost-2023-1775

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/mattermost/BIT-mattermost-2023-1775.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-mattermost-2023-1775

Aliases

Published

2024-03-06T11:02:33.383Z

Modified

2024-11-27T19:40:48.342Z

Summary

[none]

Details

When running in a High Availability configuration, Mattermost fails to sanitize some of the userupdated and postdeleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients.

Database specific

{
    "cpes": [
        "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:mattermost:mattermost_server:7.7.1:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

https://mattermost.com/security-updates/

Affected packages

Bitnami / mattermost

Package

Name: mattermost
Purl: pkg:bitnami/mattermost

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.1.6

Type: SEMVER
Events: Introduced

7.7.1

Last affected

7.7.1