{"id":"CVE-2023-2808","details":"Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link.\n\n","modified":"2026-03-14T12:00:20.893803Z","published":"2023-05-29T10:15:10.083Z","references":[{"type":"ADVISORY","url":"https://mattermost.com/security-updates/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mattermost/mattermost-server","events":[{"introduced":"f86ca3ed0a33440f144088fde9d3e002f749e95f"},{"fixed":"96cf6c0f7a0c2e98815dbd9397c8de79528ae306"},{"introduced":"87cbeafd363557615354cdf622adf3929f73e561"},{"fixed":"b3eb2e451e18b4003634954c2c4be678695dc26a"},{"introduced":"c4d8c1450ab2b9538bbc2690ca1ee865567a5888"},{"fixed":"27b2437e0f93d3f48b9caebdceb7795b64d5cd9f"}],"database_specific":{"versions":[{"introduced":"5.34.0"},{"fixed":"7.1.9"},{"introduced":"7.2.0"},{"fixed":"7.8.4"},{"introduced":"7.9.0"},{"fixed":"7.9.3"}]}}],"versions":["v7.9.0","v7.9.1","v7.9.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2808.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}