CVE-2023-48732
published 2024-01-02
medium 4.3 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Mattermost fails to scope the WebSocket response around notified users to each user separately, resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 0 < 8.1.7+incompatible | 8.1.7+incompatible |
| github.com | mattermost_mattermost-server_v6 | >= 0 < 8.1.7 | 8.1.7 |
| github.com | mattermost_mattermost_server_v8 | >= 0 < 8.1.7 | 8.1.7 |
| mattermost | mattermost | <= 8.1.6 | — |
| mattermost | mattermost_server | < 8.1.7 | 8.1.7 |