When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team.
History
Fri, 06 Dec 2024 23:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2023-04-25T13:04:42.287Z
Updated: 2024-12-06T23:04:46.320Z
Reserved: 2023-04-25T13:04:22.071Z
Link: CVE-2023-2281
Vulnrichment
Updated: 2024-08-02T06:19:14.118Z
NVD
Status: Modified
Published: 2023-04-25T14:15:09.423
Modified: 2024-11-21T07:58:18.110
Link: CVE-2023-2281