| id: GO-TEST-ID |
| modules: |
| - module: github.com/mattermost/mattermost-server |
| versions: |
| - introduced: 7.1.0 |
| fixed: 7.1.6 |
| - module: github.com/mattermost/mattermost-server |
| versions: |
| - introduced: 7.7.0 |
| fixed: 7.7.2 |
| - module: github.com/mattermost/mattermost-server |
| versions: |
| - introduced: 7.8.0 |
| fixed: 7.8.1 |
| - module: github.com/mattermost/mattermost-server/v6 |
| versions: |
| - introduced: 6.3.0 |
| fixed: 7.1.6 |
| summary: Mattermost vulnerable to information disclosure |
| description: |- |
| Mattermost allows an attacker to request a preview of an existing message when |
| creating a new message via the createPost API call, disclosing the contents of |
| the linked message. |
| cves: |
| - CVE-2023-1777 |
| ghsas: |
| - GHSA-3wq5-3f56-v5xc |
| references: |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1777 |
| - web: https://mattermost.com/security-updates/ |
| - package: github.com/mattermost/mattermost-server |
| notes: |
| - 'lint: "github.com/mattermost/mattermost-server" is not a valid URL' |
| - 'lint: github.com/mattermost/mattermost-server/v6: bad version "7.1.6": github.com/mattermost/mattermost-server/v6@v7.1.6: invalid version: should be v6, not v7' |
| - 'lint: github.com/mattermost/mattermost-server: bad version "7.1.0": github.com/mattermost/mattermost-server@v7.1.0: invalid version: should be v0 or v1, not v7' |
| - 'lint: github.com/mattermost/mattermost-server: bad version "7.7.0": github.com/mattermost/mattermost-server@v7.7.0: invalid version: should be v0 or v1, not v7' |
| - 'lint: github.com/mattermost/mattermost-server: bad version "7.8.0": github.com/mattermost/mattermost-server@v7.8.0: invalid version: should be v0 or v1, not v7' |