Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Information Disclosure via WebSocket Event When Deleting Unrevealed Burn on Read Posts
Vulnerability Description
Mattermost versions 11.3.x <= 11.3.0 fail to preserve the redacted state of burn-on-read posts during deletion which allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event.. Mattermost Advisory ID: MMSA-2026-00579
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
通过发送数据的信息暴露
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 11.3.0及之前的11.3.x版本存在安全漏洞,该漏洞源于在删除期间未能保留阅后即焚帖子的编辑状态,可能导致频道成员通过WebSocket帖子删除事件访问未揭示的阅后即焚消息内容。
CVSS Information
N/A
Vulnerability Type
N/A