CVE-2023-43754: Exposure of Sensitive Information to an Unauthorized Actor

November 27, 2023 (updated November 28, 2023)

Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled.

References

github.com/advisories/GHSA-jjr7-372r-cx7x
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2023-43754

Code Behaviors & Features

Detect and mitigate CVE-2023-43754 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →