Description
Mattermost vulnerable to information disclosure
When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients.
Issue Identifier: MMSA-2023-00138
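Packages
github.com/mattermost/mattermost-server
  Affected versions: >= 3.3.0, <= 4.10.10
  Fixed version: 7.1.6
github.com/mattermost/mattermost-server
  Affected versions: >= 7.7.0, <= 7.7.1
  Fixed version: 7.7.2
github.com/mattermost/mattermost-server
  Affected versions: >= 7.1.0, <= 7.1.5
  Fixed version: 7.1.6
github.com/mattermost/mattermost-server/v5
  Affected versions: >= 5.0.0, <= 5.39.3
  Fixed version: 7.1.6
github.com/mattermost/mattermost-server/v6
  Affected versions: >= 6.0.0, <= 6.7.2
  Fixed version: 7.1.6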