2 matches found
CVE-2023-1562 Full name revealed via /plugins/focalboard/api/v2/users
Mattermost fails to check the "Show Full Name" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner...
CVE-2023-1562
Mattermost exposes full names via the /plugins/focalboard/api/v2/users API because it does not respect the Show Full Name setting. Root cause: missing validation when rendering user information. Impact: potential information disclosure of board owners’ full names. Affected: Mattermost with focalb...