GSD-2022-1004951

Source
https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1004xxx/GSD-2022-1004951.json
Published
2022-08-05T03:45:01.608941Z
Modified
2022-08-05T03:45:01.608941Z
Details

In Slack between April 17, 2017 and July 17, 2022 if a shared invite link was created or revoked the hashed password of the user who created or revoked the link would have been disclosed in the invitation link, allowing an attacked viewing the invitation link to see the hashed password (also salted). Users have been advised to change their passwords.

References

Affected packages

GSD / Slack

Slack

Affected ranges

Affected versions

Other

between April 17, 2017 and July 17, 2022