Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-913s-97m1-mqaw
Vulnerability ID VCID-913s-97m1-mqaw
Aliases CVE-2023-1775
GHSA-8jhh-3jf2-pfwr
Summary When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-668 Exposure of Resource to Wrong Sphere
System Score Found at
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-1775
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-1775
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-1775
cvssv3.1 6.5 https://github.com.mattermost/mattermost-server
generic_textual MODERATE https://github.com.mattermost/mattermost-server
cvssv3.1 6.5 https://mattermost.com/security-updates
generic_textual MODERATE https://mattermost.com/security-updates
cvssv3.1 4.3 https://mattermost.com/security-updates/
ssvc Track https://mattermost.com/security-updates/
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-1775
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2023-1775
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-1775
https://github.com.mattermost/mattermost-server
https://nvd.nist.gov/vuln/detail/CVE-2023-1775
security-updates https://mattermost.com/security-updates/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com.mattermost/mattermost-server
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://mattermost.com/security-updates
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://mattermost.com/security-updates/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-06T22:52:00Z/ Found at https://mattermost.com/security-updates/
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-1775
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.54645
EPSS Score 0.00311
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T17:27:04.916855+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2023/1xxx/CVE-2023-1775.json 38.6.0