Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/mattermost/mattermost-server/v6(Go) | 6.3.0 | 7.1.6 | N/A |
| github.com/mattermost/mattermost-server(Go) | 7.8.0 | 7.8.1 | N/A |
| github.com/mattermost/mattermost-server(Go) | 7.7.0 | 7.7.2 | N/A |
| github.com/mattermost/mattermost-server(Go) | 7.1.0 | 7.1.6 | N/A |
| github.com/mattermost/mattermost-server/v6(Go) | 6.0.0-20211025164829-f7a8147b825c | 6.0.0-20230301145909-10be118d99a5 | N/A |
| github.com/mattermost/mattermost-server(Go) | 1.4.1-0.20211025164829-f7a8147b825c | 1.4.1-0.20230301145909-10be118d99a5 | N/A |
CVSS Metrics
