CVE-2023-48732
Keywords that trigger mentions are leaked to other users
Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
Mattermost · MattermostQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://mattermost.com/security-updates