When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team.
History

Fri, 06 Dec 2024 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2023-04-25T13:04:42.287Z

Updated: 2024-12-06T23:04:46.320Z

Reserved: 2023-04-25T13:04:22.071Z

Link: CVE-2023-2281

cve-icon Vulnrichment

Updated: 2024-08-02T06:19:14.118Z

cve-icon NVD

Status : Modified

Published: 2023-04-25T14:15:09.423

Modified: 2024-11-21T07:58:18.110

Link: CVE-2023-2281

cve-icon Redhat

Severity : Low

Publid Date: 2023-04-25T00:00:00Z

Links: CVE-2023-2281 - Bugzilla