Описание
Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.1.7 (исключая)
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00585
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-200
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 4.3
debian
около 2 лет назад
Mattermost fails to scope the WebSocket response around notified users ...
CVSS3: 4.3
github
около 2 лет назад
Mattermost notified all users in the channel when using WebSockets to respond individually
EPSS
Процентиль: 68%
0.00585
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-200
NVD-CWE-noinfo