It is well known that (malicious) endpoints in a Wi-Fi network password-protected by WPA2-Personal can sniff all clear traffic to/from any other endpoint, if they can also capture the 4-way handshake of each connecting device. That information allows them to derive the per-connection link key of other users.
Is that still the case with WPA3-Personal (which doesn't use the same handshake)?
A well-advertised property of WPA3-Personal is that it makes password brute-forcing unfeasible, however in the scenario above, the attacker already knows the password.