CVE-2023-1775

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-1775

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1775.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-1775

Aliases

Published

2023-03-31T12:15:06.700Z

Modified

2026-04-10T04:54:28.625523Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

When running in a High Availability configuration, Mattermost fails to sanitize some of the userupdated and postdeleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients.

References

https://mattermost.com/security-updates/

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type

GIT

Repo

https://github.com/mattermost/mattermost-server

Events

Introduced

Fixed

5a8ebc95d0cbf61d974430d4c03c3ffef36d4543

Introduced

Last affected

63149c4869898f8c1d3a94ea728370ec4a07575f

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.1.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.7.1"
        }
    ]
}

Affected versions

Other

cloud-2022-06-29-1

cloud-2022-07-20-1

cloud-2022-08-10-1

cloud-2022-09-08-1

cloud-2022-10-06-1

cloud-2022-11-11-1

cloud-2022-11-24-1

v0.*

v0.5.0

v4.*

v4.10.0-rc1

v4.2.0-rc1

v4.3.0-rc1

v4.4.0-rc1

v4.5.0-rc1

v4.6.0-rc1

v4.6.0-rc2

v4.7.0-rc1

v4.8.0-rc1

v4.9.0-rc1

v5.*

v5.0.0-rc1

v5.1.0-rc1

v5.2.0-rc1

v5.2.0-rc2

v7.*

v7.1.0

v7.1.1

v7.1.2

v7.1.3

v7.1.4

v7.1.5

v7.7.0

v7.7.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1775.json"