7 matches found
BIT-MATTERMOST-2023-6459
Mattermost groups calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint reveals channelIDs...
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Mattermost groups calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint reveals channelIDs...
GHSA-63CV-4PC2-4FCF Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Mattermost groups calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint reveals channelIDs...
CVE-2023-6459
Mattermost groups calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint reveals channelIDs...
CVE-2023-6459
Mattermost groups calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint reveals channelIDs...
Design/Logic Flaw
Mattermost groups calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint reveals channelIDs...
CVE-2023-6459
Mattermost CVE-2023-6459 affects the /metrics endpoint. The vulnerability arises because calls are grouped by id and that id is reported in the response; since the id corresponds to the channelID, the public /metrics endpoint discloses channelIDs. The available connected records (BIT-MATTERMOST-2023...