Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS04amhoLTNqZjItcGZ3cs4AAyez

Moderate EPSS: 0.00176% (0.39862 Percentile) EPSS:
Permalink JSON

Mattermost vulnerable to information disclosure

Affected Packages Affected Versions Fixed Versions
go:github.com/mattermost/mattermost-server/v6 >= 6.0.0, <= 6.7.2 7.1.6
111 Dependent packages
168 Dependent repositories

Affected Version Ranges

All affected versions

6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.5.0, 6.5.1, 6.5.2, 6.6.0, 6.6.1, 6.6.2, 6.7.0, 6.7.1, 6.7.2

All unaffected versions
go:github.com/mattermost/mattermost-server/v5 >= 5.0.0, <= 5.39.3 7.1.6
215 Dependent packages
280 Dependent repositories

Affected Version Ranges

All affected versions

5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 5.4.0, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.7.0, 5.7.1, 5.7.2, 5.7.3, 5.8.0, 5.8.1, 5.8.2, 5.9.0, 5.9.1, 5.9.2, 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.10.0, 5.10.1, 5.10.2, 5.11.0, 5.11.1, 5.12.0, 5.12.1, 5.12.2, 5.12.3, 5.12.4, 5.12.5, 5.12.6, 5.13.0, 5.13.1, 5.13.2, 5.13.3, 5.14.0, 5.14.1, 5.14.2, 5.14.3, 5.14.4, 5.14.5, 5.15.0, 5.15.1, 5.15.2, 5.15.3, 5.15.4, 5.15.5, 5.16.0, 5.16.1, 5.16.2, 5.16.3, 5.16.4, 5.16.5, 5.17.0, 5.17.1, 5.17.2, 5.17.3, 5.18.0, 5.18.1, 5.18.2, 5.19.0, 5.19.1, 5.19.2, 5.19.3, 5.20.0, 5.20.1, 5.20.2, 5.21.0, 5.22.0, 5.22.1, 5.22.2, 5.22.3, 5.23.0, 5.23.1, 5.23.2, 5.24.0, 5.24.1, 5.24.2, 5.24.3, 5.25.0, 5.25.1, 5.25.2, 5.25.3, 5.25.4, 5.25.5, 5.25.6, 5.26.0, 5.26.1, 5.26.2, 5.27.0, 5.27.1, 5.27.2, 5.28.0, 5.28.1, 5.28.2, 5.29.0, 5.29.1, 5.29.2, 5.30.0, 5.30.1, 5.30.2, 5.30.3, 5.31.0, 5.31.1, 5.31.2, 5.31.3, 5.31.4, 5.31.5, 5.31.6, 5.31.7, 5.31.8, 5.31.9, 5.32.0, 5.32.1, 5.33.0, 5.33.1, 5.33.2, 5.33.3, 5.33.4, 5.33.5, 5.34.0, 5.34.1, 5.34.2, 5.34.3, 5.34.4, 5.34.5, 5.35.0, 5.35.1, 5.35.2, 5.35.3, 5.35.4, 5.35.5, 5.36.0, 5.36.1, 5.36.2, 5.37.0, 5.37.1, 5.37.2, 5.37.3, 5.37.4, 5.37.5, 5.37.6, 5.37.7, 5.37.8, 5.37.9, 5.37.10, 5.38.0, 5.38.1, 5.38.2, 5.38.3, 5.38.4, 5.39.0, 5.39.1, 5.39.2, 5.39.3

All unaffected versions
go:github.com/mattermost/mattermost-server >= 7.1.0, <= 7.1.5, >= 7.7.0, <= 7.7.1, >= 3.3.0, <= 4.10.10 7.1.6, 7.7.2, 7.1.6
131 Dependent packages
122 Dependent repositories

Affected Version Ranges

All affected versions

3.3.0, 3.4.0, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.6.6, 3.6.7, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.7.5, 3.7.6, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.9.0, 3.9.1, 3.9.2, 3.10.0, 3.10.1, 3.10.2, 3.10.3, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.1.0, 4.1.1, 4.1.2, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.5.0, 4.5.1, 4.5.2, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.8.0, 4.8.1, 4.8.2, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.5, 4.10.6, 4.10.7, 4.10.8, 4.10.9, 4.10.10

All unaffected versions

0.5.0, 0.6.0, 1.0.0, 1.1.0, 1.1.1, 1.2.1, 1.3.0, 1.4.0, 2.0.0, 2.1.0, 2.2.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.1.0, 3.2.0, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 5.4.0, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.7.0, 5.7.1, 5.7.2, 5.7.3, 5.8.0, 5.8.1, 5.8.2, 5.9.0, 5.9.1, 5.9.2, 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.10.0, 5.10.1, 5.10.2, 5.11.0, 5.11.1, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.9, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.4.0, 9.4.1, 9.4.2, 9.4.3, 9.4.4, 9.4.5, 9.5.0, 9.5.1, 9.5.2, 9.5.3, 9.6.0, 9.6.1

When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients.

Issue Identifier: MMSA-2023-00138

References:

Identifiers

GHSA-8jhh-3jf2-pfwr

CVE-2023-1775

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00176

EPSS Percentile: 0.39862

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

over 2 years ago

Updated

over 2 years ago

API

JSON