| { |
| "schema_version": "1.4.0", |
| "id": "GHSA-3wq5-3f56-v5xc", |
| "modified": "2023-04-07T21:02:25Z", |
| "published": "2023-03-31T12:30:16Z", |
| "aliases": [ |
| "CVE-2023-1777" |
| ], |
| "summary": "Mattermost vulnerable to information disclosure", |
| "details": "Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message, which the attacker may not otherwise be able to read.", |
| "affected": [ |
| { |
| "package": { |
| "ecosystem": "Go", |
| "name": "github.com/mattermost/mattermost-server/v6" |
| }, |
| "ranges": [ |
| { |
| "type": "ECOSYSTEM", |
| "events": [ |
| { |
| "introduced": "6.3.0" |
| }, |
| { |
| "fixed": "7.1.6" |
| } |
| ] |
| } |
| ], |
| "database_specific": { |
| "last_known_affected_version_range": "\u003c= 6.7.2" |
| } |
| }, |
| { |
| "package": { |
| "ecosystem": "Go", |
| "name": "github.com/mattermost/mattermost-server" |
| }, |
| "ranges": [ |
| { |
| "type": "ECOSYSTEM", |
| "events": [ |
| { |
| "introduced": "7.8.0" |
| }, |
| { |
| "fixed": "7.8.1" |
| } |
| ] |
| } |
| ], |
| "versions": [ |
| "7.8.0" |
| ] |
| }, |
| { |
| "package": { |
| "ecosystem": "Go", |
| "name": "github.com/mattermost/mattermost-server" |
| }, |
| "ranges": [ |
| { |
| "type": "ECOSYSTEM", |
| "events": [ |
| { |
| "introduced": "7.7.0" |
| }, |
| { |
| "fixed": "7.7.2" |
| } |
| ] |
| } |
| ], |
| "database_specific": { |
| "last_known_affected_version_range": "\u003c= 7.7.1" |
| } |
| }, |
| { |
| "package": { |
| "ecosystem": "Go", |
| "name": "github.com/mattermost/mattermost-server" |
| }, |
| "ranges": [ |
| { |
| "type": "ECOSYSTEM", |
| "events": [ |
| { |
| "introduced": "7.1.0" |
| }, |
| { |
| "fixed": "7.1.6" |
| } |
| ] |
| } |
| ], |
| "database_specific": { |
| "last_known_affected_version_range": "\u003c= 7.1.5" |
| } |
| } |
| ], |
| "severity": [ |
| { |
| "type": "CVSS_V3", |
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" |
| } |
| ], |
| "references": [ |
| { |
| "type": "ADVISORY", |
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1777" |
| }, |
| { |
| "type": "WEB", |
| "url": "https://mattermost.com/security-updates/" |
| }, |
| { |
| "type": "PACKAGE", |
| "url": "github.com/mattermost/mattermost-server" |
| } |
| ], |
| "database_specific": { |
| "cwe_ids": [ |
| "CWE-668" |
| ], |
| "github_reviewed": true, |
| "github_reviewed_at": "2023-04-07T21:02:25Z", |
| "nvd_published_at": "2023-03-31T12:15:00Z", |
| "severity": "MODERATE" |
| } |
| } |