CVE-2023-1777
published 2023-03-31CVE-2023-1777: Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of…
medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 1.4.1-0.20211025164829-f7a8147b825c < 1.4.1-0.20230301145909-10be118d99a5 | 1.4.1-0.20230301145909-10be118d99a5 |
| github.com | mattermost_mattermost-server | >= 7.1.0 < 7.1.6 | 7.1.6 |
| github.com | mattermost_mattermost-server | >= 7.7.0 < 7.7.2 | 7.7.2 |
| github.com | mattermost_mattermost-server | >= 7.8.0 < 7.8.1 | 7.8.1 |
| github.com | mattermost_mattermost-server_v6 | >= 6.0.0-20211025164829-f7a8147b825c < 6.0.0-20230301145909-10be118d99a5 | 6.0.0-20230301145909-10be118d99a5 |
| github.com | mattermost_mattermost-server_v6 | >= 6.3.0 < 7.1.6 | 7.1.6 |
| mattermost | mattermost | 6.3.0 – 7.7.1 | — |
| mattermost | mattermost_server | < 7.1.6 | 7.1.6 |
| mattermost | mattermost_server | — | — |
| mattermost | mattermost_server | — | — |