When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2023-04-25T13:04:42.287Z
Updated: 2024-08-02T06:19:14.118Z
Reserved: 2023-04-25T13:04:22.071Z
Link: CVE-2023-2281
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-04-25T14:15:09.423
Modified: 2023-05-04T17:37:18.207
Link: CVE-2023-2281
Redhat