Lucene search

[email protected]NVD:CVE-2023-47858

HistoryJan 02, 2024 - 10:15 a.m.

CVE-2023-47858

2024-01-0210:15:08

CWE-284

[email protected]

web.nvd.nist.gov

mattermost

permissions

public channels

team

endpoint

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

Percentile

14.0%

JSON

Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/<team-id>/channels/deleted endpoint.

Affected configurations

Nvd

Node

mattermostmattermost_serverRange<8.1.7

mattermostmattermost_serverRange9.0.0–9.0.5

mattermostmattermost_serverRange9.1.0–9.1.4

mattermostmattermost_serverRange9.2.0–9.2.3

VendorProductVersionCPE
mattermostmattermost_server*cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mattermost	mattermost_server	*	cpe:2.3:a:mattermost:mattermost_server::::::::

References

mattermost.com/security-updates

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

Percentile

14.0%

JSON

Related for NVD:CVE-2023-47858

veracode1 osv8 cve1 prion1 github1 cvelist1