DirectorySecurity Advisories
Sign In
Security Advisories

CGA-wwwj-jp9r-cv3x

Published

Last updated

https://images.chainguard.dev/security/CGA-wwwj-jp9r-cv3x
Package

mattermost-9.11

Latest Update
Not affected
Aliases
  • CVE-2023-48732
  • GHSA-q7rx-w656-fwmv

Severity

4.3

Medium

CVSS V3

Summary

Mattermost notified all users in the channel when using WebSockets to respond individually

Description

Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel.

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images