BIT-mattermost-2023-2281

Import Source
https://github.com/bitnami/vulndb/tree/main/data/mattermost/BIT-mattermost-2023-2281.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-mattermost-2023-2281
Aliases
Published
2024-03-06T11:01:55.882Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team.

References

Affected packages

Bitnami / mattermost

Package

Name
mattermost
Purl
pkg:bitnami/mattermost

Severity

  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.9.0