Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mattermost | Mattermost | 7.1.0 (including) | 7.1.9 (including) |
Mattermost | Mattermost | 7.8.0 (including) | 7.8.4 (including) |
Mattermost | Mattermost | 7.9.0 (including) | 7.9.3 (including) |
Mattermost | Mattermost | 7.10.0 (including) | 7.10.0 (including) |