VYPR
Moderate severityNVD Advisory· Published Jan 2, 2024· Updated Jun 3, 2025

Keywords that trigger mentions are leaked to other users

CVE-2023-48732

Description

Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/mattermost/mattermost/server/v8Go
< 8.1.78.1.7
github.com/mattermost/mattermost-server/v6Go
< 8.1.78.1.7

Affected products

42

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.