Lucene search
MattermostCVELIST:CVE-2023-27266HistoryFeb 27, 2023 - 2:46 p.m.
CVE-2023-27266 Disclosure of team owner email address when when accessing the teams API
2023-02-2714:46:28
CWE-200
Mattermost
www.cve.org
2
cve-2023-27266
disclosure
team api
team owner
email address
privileges
CVSS3
2.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
AI Score
4
Confidence
High
EPSS
0.001
Percentile
23.6%
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner’s email address in the response.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThan": "7.7.0",
"status": "affected",
"version": "5.12.0",
"versionType": "semver"
}
]
}
]References
Related
osv
osv
CVE-2023-27266
2023-02-27 15:15:12
BIT-mattermost-2023-27266
2024-03-06 11:01:23
prion
prion
Code injection
2023-02-27 15:15:00
cve
cve
CVE-2023-27266
2023-02-27 15:15:12
nvd
nvd
CVE-2023-27266
2023-02-27 15:15:12
CVSS3
2.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
AI Score
4
Confidence
High
EPSS
0.001
Percentile
23.6%
Related for CVELIST:CVE-2023-27266