CVE-2023-2787

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/06/2023
Last modified:
26/06/2023

Description

Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:* 7.1.0 (including) 7.1.9 (including)
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:* 7.8.0 (including) 7.8.4 (including)
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:* 7.9.0 (including) 7.9.3 (including)
cpe:2.3:a:mattermost:mattermost:7.10.0:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools