CVE-2023-6459
published 2023-12-06
medium 5.3 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing channelIDs.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server_v6 | >= 0 < 7.8.14 | 7.8.14 |
| github.com | mattermost_mattermost_server_v8 | >= 0 < 8.1.5 | 8.1.5 |
| mattermost | mattermost | <= 7.8.13 | — |
| mattermost | mattermost_server | < 7.8.14 | 7.8.14 |
| mattermost | mattermost_server | >= 8.0.0 < 8.1.5 | 8.1.5 |