CGA-q52f-336q-m33p

Published

Last updated

https://images.chainguard.dev/security/CGA-q52f-336q-m33p

Package

mattermost-fips-10.7

Repository

Chainguard

Latest Update

Fixed

Fixed Version

10.7.1-r1

Aliases

CVE-2023-43754
GHSA-jjr7-372r-cx7x

Severity

Unknown

Summary

Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Description

Mattermost fails to check whether the "Allow users to view archived channels" setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the "Allow users to view archived channels" setting is disabled.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-43754
https://github.com/advisories/GHSA-jjr7-372r-cx7x
https://github.com/mattermost/mattermost
https://mattermost.com/security-updates

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-q52f-336q-m33p

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources