CVE-2023-6459

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-6459

Severity

5.3

Medium

CVSS CVSS_V3

Description

Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing channelIDs.

References

https://images.chainguard.dev/security/CGA-9w3m-rfmp-84vv
https://github.com/advisories/GHSA-63cv-4pc2-4fcf
https://images.chainguard.dev/security/CGA-8hf8-jcx4-7qwf
https://images.chainguard.dev/security/CGA-hq9q-8hrj-882q
https://images.chainguard.dev/security/CGA-gx3h-7cj4-vqq6
https://images.chainguard.dev/security/CGA-jm8q-ppxg-7hpf
https://images.chainguard.dev/security/CGA-hwjm-28xq-4j9c
https://images.chainguard.dev/security/CGA-wm9x-r8p7-p6qr
https://images.chainguard.dev/security/CGA-gqwr-647p-2wxg
https://images.chainguard.dev/security/CGA-r6mq-p5g2-ww6p
https://images.chainguard.dev/security/CGA-mx8c-wm5c-hvm4
https://images.chainguard.dev/security/CGA-r4gw-f7xr-987c
https://images.chainguard.dev/security/CGA-mp3c-v36r-qvmc
https://mattermost.com/security-updates

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

CVE-2023-6459

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources