Mattermost versions 9.5.x < 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them which allows a high privileged attacker with access to the audit logs to read message contents.
Publication date: Wed, 03 Jul 2024 09:15:00 +0000