CVE-2023-2281
Published Apr 25, 2023
Last updated 2 years ago
Overview
- Description
- When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team.
- Source
- responsibledisclosure@mattermost.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
- responsibledisclosure@mattermost.com
- CWE-200
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94666C53-2515-42CF-9EE0-F3CD3B801751",
"versionEndExcluding": "7.9.0"
}
],
"operator": "OR"
}
]
}
]