Mattermost notified all users in the channel when using WebSockets to respond individually

🗓️ 02 Jan 2024 12:18:30Reported by GoogleType

osv🔗 osv.dev👁 12 Views

Mattermost WebSocket broadcasting issue

Reporter	Title	Published	Views	Family All 13
Cvelist	CVE-2023-48732 Keywords that trigger mentions are leaked to other users	2 Jan 202409:52	–	cvelist
CVE	CVE-2023-48732	2 Jan 202410:15	–	cve
OSV	CGA-66CP-6234-HCGR	15 Jul 202421:53	–	osv
OSV	GO-2024-2448 Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server	28 Jun 202415:28	–	osv
OSV	CVE-2023-48732	2 Jan 202410:15	–	osv
OSV	CGA-WWWJ-JP9R-CV3X	25 Sep 202402:09	–	osv
OSV	BIT-mattermost-2023-48732	6 Mar 202410:58	–	osv
OSV	CGA-JHCR-G7WJ-9VQ2	24 Jun 202414:34	–	osv
OSV	CGA-84GG-72G9-V689	25 Sep 202401:54	–	osv
Prion	Information disclosure	2 Jan 202410:15	–	prion

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-48732
github	www.github.com/mattermost/mattermost/commit/851515be222160bee0a495c0d411056b19ed4111
github	www.github.com/advisories/GHSA-q7rx-w656-fwmv
github	www.github.com/mattermost/mattermost
mattermost	www.mattermost.com/security-updates

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

02 Jan 2024 12:30Current

6.5Medium risk

Vulners AI Score6.5

CVSS34.3

EPSS0.00197