CVE-2023-1775 Information

Description

When running in a High Availability configuration Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users leading to disclosure of sensitive information to some of the users with currently connected Websocket clients.

Reference

https://mattermost.com/security-updates/