Podatność CVE-2023-6459
Publikacja: 2023-12-06   Modyfikacja: 2023-12-14

Opis:
Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing channelIDs.

Typ:

CWE-noinfo

Affected software
Mattermost -> Mattermost server 

 Referencje:
https://mattermost.com/security-updates
Copyright 2024, cxsecurity.com

 

Back to Top