Description
Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: Low
- Integrity: None
- Availability: None
Affected products
- Mattermost / Mattermost Github Plugin 0 – 7.1.9
- Mattermost / Mattermost Github Plugin 0 – 7.8.4
- Mattermost / Mattermost Github Plugin 7.1.10 – 7.1.10
- Mattermost / Mattermost Github Plugin 7.8.5 – 7.8.5
- Mattermost / Mattermost Github Plugin 7.10.0 – 7.10.0
- Mattermost / Mattermost Github Plugin 7.10.1 – 7.10.1