Lucene search
GitHub Advisory DatabaseGHSA-Q7RX-W656-FWMVHistoryJan 02, 2024 - 12:30 p.m.
Mattermost notified all users in the channel when using WebSockets to respond individually
2024-01-0212:30:18
CWE-200
GitHub Advisory Database
github.com
5
mattermost
websocket
scope
broadcasting
security issue
Mattermost fails to scope the WebSocket response around notified usersย to a each user separately resulting in theย WebSocket broadcasting the information about who was notified about a post to everyone else in the channel.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/mattermost/mattermost-server/v6 | le | 8.1.6 | |
| github.com/mattermost/mattermost/server/v8 | le | 8.1.6 |
Related
cvelist
cvelist
CVE-2023-48732 Keywords that trigger mentions are leaked to other users
2024-01-02 09:52:01
osv
osv
BIT-mattermost-2023-48732
2024-03-06 10:58:26
Mattermost notified all users in the channel when using WebSockets to respond individually
2024-01-02 12:30:18
CVE-2023-48732
2024-01-02 10:15:08
prion
prion
Information disclosure
2024-01-02 10:15:00
cve
cve
CVE-2023-48732
2024-01-02 10:15:08
veracode
veracode
Insufficient Authorization
2024-01-03 09:09:19