When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mattermost mattermost server 7.7.1 |
||
mattermost mattermost server |