Lucene search

MattermostCVELIST:CVE-2023-7114

HistoryDec 29, 2023 - 12:46 p.m.

CVE-2023-7114

2023-12-2912:46:22

CWE-74

Mattermost

www.cve.org

mattermost

deeplink paths

csrf

attacks

sanitize

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.4%

JSON

Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "2.10.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "2.10.0",
        "status": "unaffected",
        "version": "2.10.1 ",
        "versionType": "semver"
      }
    ]
  }
]

References

mattermost.com/security-updates

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.4%

JSON

Related for CVELIST:CVE-2023-7114