Is MatterMost having an impact on CVE-2022-22963 and CVE-2022-22965?

We recently discovered the CVE-2022-22965/Spring4Shell (Spring Core) and CVE-2022-22963 (Spring Cloud Functions) vulnerabilities. Was this a problem with any of the Mattermost versions?

Could you please tell us if you’d like us to look into this?

We’re working with MatterMost Team Edition:

Version 6.4.1 of Mattermost

A response from our Security team:

A critical vulnerability targeting the Spring Java framework was recently disclosed. Mattermost would like to share a quick update that our services and products are NOT affected by the Spring4Shell security vulnerability also identified as CVE-2022-22965.

1 Like