PT-2024-13635 · Mattermost · Mattermost

Published: 2024-01-02 · Updated: 2024-06-28 · CVE-2023-48732

CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Vulnerable software and affected versions: Mattermost versions prior to v8.1.7
Description: Mattermost fails to scope the WebSocket response that carries the list of notified users to each user separately. The server broadcasts, to every member of the channel, the information about who was notified about a post, so any channel member with an authenticated WebSocket connection (PR:L in the vector) can learn which users were notified. The result is an unintended information disclosure; message integrity and availability are not affected.
Recommendations: For versions prior to v8.1.7, update to v8.1.7 or later, which resolves the issue. The fix is a server-side change to how the WebSocket event is built, so there is no configuration setting that scopes this broadcast per user; until the update is applied, the practical interim measure is to restrict membership of channels in which the list of notified users is itself sensitive, since every member receives the broadcast.
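The following Go program is an added illustrative model of the flaw, written for this entry; it is not Mattermost's code, and the event shape, the `notified_users` and `notified` field names, and the hub simulation are assumptions. It builds the "posted" WebSocket event two ways: the vulnerable way, where the notified-user list rides along on the single channel-wide broadcast, and the fixed way, where the shared event carries no per-user data and each notified user gets a separately scoped event. A small delivery simulation then shows what a non-notified member can learn in each case.

```go
package main

import (
	"fmt"
	"sort"
)

// Illustrative model of CVE-2023-48732, not Mattermost's real code.
// Pre-fix: the list of users notified about a post was attached to the
// channel-wide "posted" event, so every member could read it.
// Post-fix: the shared event has no per-user data; each notified user
// receives their own scoped event saying only "you were notified".

type Post struct {
	ID        string
	ChannelID string
	Message   string
}

// Event is a simplified WebSocket event. UserID == "" means "broadcast to
// all channel members"; otherwise it is delivered to that single user.
type Event struct {
	Type      string
	ChannelID string
	UserID    string
	Data      map[string]any
}

// buildEventsVulnerable: one event for the whole channel whose payload
// includes who was notified (hypothetical field name "notified_users").
func buildEventsVulnerable(p Post, notified []string) []Event {
	return []Event{{
		Type: "posted", ChannelID: p.ChannelID,
		Data: map[string]any{
			"post_id":        p.ID,
			"message":        p.Message,
			"notified_users": append([]string(nil), notified...), // leaks to all members
		},
	}}
}

// buildEventsFixed: the channel-wide event is stripped of per-user data and
// each notified user gets a separate event scoped to them alone.
func buildEventsFixed(p Post, notified []string) []Event {
	events := []Event{{
		Type: "posted", ChannelID: p.ChannelID,
		Data: map[string]any{"post_id": p.ID, "message": p.Message},
	}}
	for _, u := range notified {
		events = append(events, Event{
			Type: "posted", ChannelID: p.ChannelID, UserID: u,
			Data: map[string]any{"post_id": p.ID, "notified": true},
		})
	}
	return events
}

// Deliver simulates the hub: channel-wide events reach every member,
// user-scoped events reach only their target. Returns each member's inbox.
func Deliver(events []Event, members []string) map[string][]Event {
	inbox := map[string][]Event{}
	isMember := map[string]bool{}
	for _, m := range members {
		isMember[m] = true
	}
	for _, e := range events {
		if e.UserID == "" {
			for _, m := range members {
				inbox[m] = append(inbox[m], e)
			}
		} else if isMember[e.UserID] {
			inbox[e.UserID] = append(inbox[e.UserID], e)
		}
	}
	return inbox
}

// NotifiedUsersVisibleTo returns, sorted, every user ID that viewer can
// learn was notified about the post from the events viewer received.
func NotifiedUsersVisibleTo(inbox map[string][]Event, viewer string) []string {
	seen := map[string]bool{}
	for _, e := range inbox[viewer] {
		if list, ok := e.Data["notified_users"].([]string); ok {
			for _, u := range list {
				seen[u] = true // the leak: a whole list, readable by anyone in the channel
			}
		}
		if flag, ok := e.Data["notified"].(bool); ok && flag {
			seen[viewer] = true // scoped: a user learns only about themselves
		}
	}
	out := make([]string, 0, len(seen))
	for u := range seen {
		out = append(out, u)
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed sample channel: alice is mentioned, bob and carol are bystanders.
	members := []string{"alice", "bob", "carol"}
	post := Post{ID: "p1", ChannelID: "ch1", Message: "@alice please review"}
	notified := []string{"alice"}

	leaky := Deliver(buildEventsVulnerable(post, notified), members)
	fixed := Deliver(buildEventsFixed(post, notified), members)
	fmt.Println("vulnerable, as seen by bob:", NotifiedUsersVisibleTo(leaky, "bob"))  // [alice]
	fmt.Println("fixed, as seen by bob:", NotifiedUsersVisibleTo(fixed, "bob"))       // []
	fmt.Println("fixed, as seen by alice:", NotifiedUsersVisibleTo(fixed, "alice"))   // [alice]
}
```

The point of the scoped variant is that the hub never has to trust the client to discard data it should not see: the per-user fact is only ever serialized into an event addressed to that user, so a bystander's connection receives nothing to leak.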

Fix: available (v8.1.7)
Category: Information Disclosure


Weakness Enumeration

Related Identifiers

BIT-MATTERMOST-2023-48732
CVE-2023-48732
GHSA-q7rx-w656-fwmv
GO-2024-2448

Affected Products

Mattermost