CVE-2023-47858 — Vulnetix

CVE-2023-47858 PUBLISHED CVSS 4.300000190734863 MEDIUM

Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/<team-id>/channels/deleted endpoint.

EPSS 0.19% · 40.6th percentile

Risk Scores

CVSS v3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.19%

40.6th percentile

Affected Products

Vendor	Product	Versions
Mattermost	Mattermost	0, 0, 8.1.7
github.com	mattermost/mattermost/server/v8	0, 0
mattermost	mattermost_server	0, 9.0.0, 9.2.0
github.com	mattermost/mattermost-server/v6	0, 0

Timeline

Jan 2, 2024 CVE Published
Jan 2, 2024 PoC Published
Jan 3, 2024 CVE Updated
Jan 3, 2024 EPSS Score
Jan 3, 2024 PoC Published
Jan 31, 2024 EPSS Score
Feb 29, 2024 EPSS Score
Mar 28, 2024 EPSS Score
Apr 26, 2024 EPSS Score
May 24, 2024 EPSS Score
Jun 22, 2024 EPSS Score
Jul 20, 2024 EPSS Score

References

https://mattermost.com/security-updates url
https://nvd.nist.gov/vuln/detail/CVE-2023-47858 advisory
https://github.com/mattermost/mattermost package

Open in Interactive Console →