CVE-2023-2808 Information

Description

Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link.

Reference

https://mattermost.com/security-updates/