First published: Fri Jun 16 2023(Updated: )
Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command.
Credit: responsibledisclosure@mattermost.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mattermost Mattermost | >=7.1.0<=7.1.9 | |
Mattermost Mattermost | >=7.8.0<=7.8.4 | |
Mattermost Mattermost | >=7.9.0<=7.9.3 | |
Mattermost Mattermost | =7.10.0 |
Update Mattermost to version 7.1.10, 7.8.5, 7.9.4, 7.10.1 or higher
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-2792 is a vulnerability in Mattermost that allows an attacker to obtain arbitrary message contents.
CVE-2023-2792 has a severity level of medium.
Mattermost versions 7.1.0 to 7.1.9, 7.8.0 to 7.8.4, 7.9.0 to 7.9.3, and 7.10.0 are affected by CVE-2023-2792.
An attacker can exploit CVE-2023-2792 by using a specially crafted /groupmsg command to obtain arbitrary message contents.
To fix CVE-2023-2792, it is recommended to update to a version of Mattermost that is not affected by the vulnerability.