CVE-2023-2281

When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team.

Published: Apr 25, 2023
Updated: May 5, 2023
CVE: CVE-2023-2281
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mattermost / mattermost_server	-	7.9.0

https://mattermost.com/security-updates/

Vulnerability Database

CVE-2023-2281