PT-2023-17235 · Unknown · Mattermost

Harrison Healey

Publicado

2023-03-31

Atualizado

2024-03-06

CVE-2023-1775

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mattermost (affected versions not specified)

Description When running in a High Availability configuration, Mattermost fails to sanitize some of the user updated and post deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Exposure of Resource to Wrong Sphere

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-668

Identificadores relacionados

BIT-MATTERMOST-2023-1775

CVE-2023-1775

GHSA-8JHH-3JF2-PFWR

Produtos afetados

Mattermost

PT-2023-17235 · Unknown · Mattermost

CVE-2023-1775

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9