First published: Fri Aug 11 2023
Mattermost fails to sanitize post metadata during audit logging resulting in permalinks contents being logged
Credit: responsibledisclosure@mattermost.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mattermost | >=7.8.0, <7.8.8 | 7.8.8 |
| Mattermost | >=7.9.0, <7.9.6 | 7.9.6 |
| Mattermost | >=7.10.0, <7.10.4 | 7.10.4 |
| go/github.com/mattermost/mattermost-server/v6 | >=7.10.0, <=7.10.3 | 7.10.4 |
| go/github.com/mattermost/mattermost-server/v6 | >=7.9.0, <=7.9.5 | 7.9.6 |
| go/github.com/mattermost/mattermost-server/v6 | <=7.8.7 | 7.8.8 |
Update Mattermost Server to versions 7.8.8, 7.9.6, 7.10.4 or higher.
The vulnerability ID is CVE-2023-4108.
The severity of CVE-2023-4108 is high with a score of 7.5.
The vulnerability in Mattermost allows unsanitized post metadata to be written to the audit log, potentially exposing the contents of posts referenced by permalinks (their resolved previews) to anyone who can read the audit log.
Versions 7.10.0 through 7.10.3, 7.9.0 through 7.9.5, and 7.8.0 through 7.8.7 of Mattermost are affected.
To fix the CVE-2023-4108 vulnerability, update Mattermost to version 7.10.4, 7.9.6, or 7.8.8.
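The following Go program is an added illustration of the failure mode and its mitigation; it is not Mattermost's code and does not use the mattermost-server model types. The `Post`, `PostMetadata`, `PostEmbed` and `PreviewPost` structs, the `"permalink"` embed type string, the event name and the sample post are all constructed stand-ins. It shows how serialising a post wholesale into an audit record carries the resolved permalink preview (the linked post's text) into the log, and how stripping embed data before logging keeps only the embed type and URL.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Simplified stand-in types, constructed for this example (not the
// mattermost-server model types).
type PreviewPost struct {
	PostID    string `json:"post_id"`
	ChannelID string `json:"channel_id"`
	Message   string `json:"message"` // text of the linked post, rendered as a preview
}

type PostEmbed struct {
	Type string      `json:"type"`           // e.g. "permalink", "link", "image"
	URL  string      `json:"url,omitempty"`
	Data interface{} `json:"data,omitempty"` // for a permalink embed: the resolved PreviewPost
}

type PostMetadata struct {
	Embeds []PostEmbed `json:"embeds,omitempty"`
}

type Post struct {
	ID        string        `json:"id"`
	UserID    string        `json:"user_id"`
	ChannelID string        `json:"channel_id"`
	Message   string        `json:"message"`
	Metadata  *PostMetadata `json:"metadata,omitempty"`
}

// auditPostUnsanitized reproduces the flawed pattern: the entire post, resolved
// permalink previews included, is serialised into the audit record.
func auditPostUnsanitized(event string, p *Post) string {
	rec := map[string]interface{}{"event": event, "post": p}
	b, _ := json.Marshal(rec)
	return string(b)
}

// sanitizeForAudit returns a copy of the post whose metadata keeps only each
// embed's type and URL. Fetched content (the PreviewPost in Data) is dropped,
// so a permalink to a post in another channel no longer leaks that post's text.
// The original post is left untouched.
func sanitizeForAudit(p *Post) *Post {
	c := *p
	if p.Metadata == nil {
		return &c
	}
	md := PostMetadata{Embeds: make([]PostEmbed, 0, len(p.Metadata.Embeds))}
	for _, e := range p.Metadata.Embeds {
		md.Embeds = append(md.Embeds, PostEmbed{Type: e.Type, URL: e.URL}) // Data deliberately omitted
	}
	c.Metadata = &md
	return &c
}

// auditPostSanitized is the corrected path: sanitize first, then serialise.
func auditPostSanitized(event string, p *Post) string {
	return auditPostUnsanitized(event, sanitizeForAudit(p))
}

// leaks reports whether an audit record contains the given preview text.
func leaks(record, previewText string) bool {
	return strings.Contains(record, previewText)
}

// samplePost builds a constructed post that links to a message in a private
// channel; the server has already resolved the permalink into a preview.
func samplePost() *Post {
	return &Post{
		ID:        "post_public_1",
		UserID:    "user_a",
		ChannelID: "town-square",
		Message:   "see https://chat.example.test/team/pl/post_private_9",
		Metadata: &PostMetadata{Embeds: []PostEmbed{{
			Type: "permalink",
			URL:  "https://chat.example.test/team/pl/post_private_9",
			Data: PreviewPost{
				PostID:    "post_private_9",
				ChannelID: "finance-private",
				Message:   "Q3 numbers are not public yet",
			},
		}}},
	}
}

func main() {
	p := samplePost()
	const preview = "Q3 numbers are not public yet"
	fmt.Println("unsanitized record leaks preview:", leaks(auditPostUnsanitized("post.create", p), preview))
	fmt.Println("sanitized record leaks preview:  ", leaks(auditPostSanitized("post.create", p), preview))
	fmt.Println(auditPostSanitized("post.create", p))
}
```

Running it prints `true` for the unsanitized record and `false` for the sanitized one; the sanitized JSON still records that a permalink embed existed and where it pointed, which is what an audit trail needs, without the linked post's content. Whether the post's own `message` belongs in the audit log at all is a separate policy decision; this example only addresses the metadata path the advisory describes.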