VYPR
Moderate severity · NVD Advisory · Published Mar 31, 2023 · Updated Dec 6, 2024

Unsanitized events sent over Websocket to regular users in a High Availability environment

CVE-2023-1775

Description

When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients.


Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Ecosystem | Affected versions | Patched versions
github.com/mattermost/mattermost-server | Go | >= 3.3.0, < 7.1.6 | 7.1.6
github.com/mattermost/mattermost-server | Go | >= 7.7.0, < 7.7.2 | 7.7.2
github.com/mattermost/mattermost-server | Go | >= 7.1.0, < 7.1.6 | 7.1.6
github.com/mattermost/mattermost-server/v5 | Go | >= 5.0.0, < 7.1.6 | 7.1.6
github.com/mattermost/mattermost-server/v6 | Go | >= 6.0.0, < 7.1.6 | 7.1.6
