CVE-2023-2281
Archiving a team broadcasts unsanitized data over WebSockets
When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
Mattermost · MattermostQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://mattermost.com/security-updates/