CVE-2023-1775
Published: 2023-03-31
Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 3.3.0 < 7.1.6 | 7.1.6 |
| github.com | mattermost_mattermost-server | >= 7.1.0 < 7.1.6 | 7.1.6 |
| github.com | mattermost_mattermost-server | >= 7.7.0 < 7.7.2 | 7.7.2 |
| github.com | mattermost_mattermost-server_v5 | >= 5.0.0 < 7.1.6 | 7.1.6 |
| github.com | mattermost_mattermost-server_v6 | >= 6.0.0 < 7.1.6 | 7.1.6 |
| mattermost | mattermost | >= 3.3.0 < 7.8.0 | 7.8.0 |
| mattermost | mattermost | 3.3.0 – 7.7.1 | — |
| mattermost | mattermost_server | < 7.1.6 | 7.1.6 |
| mattermost | mattermost_server | — | — |