Moderate severityNVD Advisory· Published Mar 31, 2023· Updated Dec 6, 2024

Information disclosure in linked message previews

CVE-2023-1777

Description

Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/mattermost/mattermost-server/v6Go	>= 6.3.0, < 7.1.6	7.1.6
github.com/mattermost/mattermost-serverGo	>= 7.8.0, < 7.8.1	7.8.1
github.com/mattermost/mattermost-serverGo	>= 7.7.0, < 7.7.2	7.7.2
github.com/mattermost/mattermost-serverGo	>= 7.1.0, < 7.1.6	7.1.6
github.com/mattermost/mattermost-server/v6Go	>= 6.0.0-20211025164829-f7a8147b825c, < 6.0.0-20230301145909-10be118d99a5	6.0.0-20230301145909-10be118d99a5
github.com/mattermost/mattermost-serverGo	>= 1.4.1-0.20211025164829-f7a8147b825c, < 1.4.1-0.20230301145909-10be118d99a5	1.4.1-0.20230301145909-10be118d99a5

Affected products

Mattermost/Mattermostv5
Range: 6.3.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-3wq5-3f56-v5xcghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-1777ghsaADVISORY
github.com/mattermost/mattermost-serverghsaPACKAGE
mattermost.com/security-updatesghsaWEB
mattermost.com/security-updates/mitre

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000