CGA-84gg-72g9-v689

Published

Last updated

https://images.chainguard.dev/security/CGA-84gg-72g9-v689

Package

mattermost-10.0

Latest Update

Not affected

Aliases

CVE-2023-48732
GHSA-q7rx-w656-fwmv

Severity

4.3

Medium

CVSS V3

Summary

Mattermost notified all users in the channel when using WebSockets to respond individually

Description

Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-48732
https://github.com/advisories/GHSA-q7rx-w656-fwmv
https://github.com/mattermost/mattermost/commit/851515be222160bee0a495c0d411056b19ed4111
https://github.com/mattermost/mattermost
https://mattermost.com/security-updates

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-84gg-72g9-v689

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources