CVE-2023-1777: Exposure of Resource to Wrong Sphere

March 31, 2023 (updated April 7, 2023)

Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message.

References

github.com/advisories/GHSA-3wq5-3f56-v5xc
mattermost.com/security-updates/
nvd.nist.gov/vuln/detail/CVE-2023-1777

Detect and mitigate CVE-2023-1777 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →