Security
Headlines

Headlines Latest CVEs

Headline

GHSA-jjr7-372r-cx7x: Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled.

11 months ago

#vulnerability #git #auth

GitHub Advisory Database
GitHub Reviewed
CVE-2023-43754

Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Moderate severity GitHub Reviewed Published Nov 27, 2023 to the GitHub Advisory Database • Updated Nov 28, 2023

Package

gomod github.com/mattermost/mattermost-server/v6 (Go)

Affected versions

< 7.8.13

gomod github.com/mattermost/mattermost/server/v8 (Go)

>= 9.1.0, < 9.1.1

>= 9.0.0, < 9.0.2

< 8.1.4

Published to the GitHub Advisory Database

Nov 27, 2023

Last updated

Nov 28, 2023

ghsa: Latest News

GHSA-hxf5-99xg-86hw: cap-std doesn't fully sandbox all the Windows device filenames

53 minutes ago

GHSA-c2f5-jxjv-2hh8: Wasmtime doesn't fully sandbox all the Windows device filenames

55 minutes ago

GHSA-4cf2-cxp3-rjr7: HAPI FHIR XML External Entity (XXE) vulnerability

4 hours ago

GHSA-v2qh-f584-6hj8: @workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled

5 hours ago

GHSA-5wmg-9cvh-qw25: @workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled

5 hours ago