Lucene search

[email protected]CVE-2023-1562

HistoryMar 22, 2023 - 11:15 a.m.

CVE-2023-1562

2023-03-2211:15:10

CWE-668

CWE-200

[email protected]

web.nvd.nist.gov

cve-2023-1562

mattermost

api

full name disclosure

security vulnerability

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.0%

JSON

Mattermost fails to check the “Show Full Name” setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner.

Affected configurations

NVD

Node

mattermostmattermostRange<7.5.0

CPENameOperatorVersion
mattermost:mattermostmattermostlt7.5.0

CPE	Name	Operator	Version
mattermost:mattermost	mattermost	lt	7.5.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "status": "affected",
        "version": "7.4.0"
      },
      {
        "status": "unaffected",
        "version": "7.5.0"
      }
    ]
  }
]

References

mattermost.com/security-updates/

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.0%

JSON

Related for CVE-2023-1562

cvelist1 nvd1 osv1 prion1