When archiving a team, Mattermost fails to sanitize the related WebSocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team.
References
| Link | Resource |
|---|---|
| https://mattermost.com/security-updates/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mattermost
Published: 2023-04-25T13:04:42.287Z
Updated: 2023-04-25T13:04:42.287Z
Reserved: 2023-04-25T13:04:22.071Z
Link: CVE-2023-2281
NVD Information
Status: Analyzed
Published: 2023-04-25T14:15:09.423
Modified: 2023-05-04T17:37:18.207
Link: CVE-2023-2281
Red Hat Information
No data.