CVE-2023-3584

🗓️ 17 Jul 2023 15:23:02Reported by MattermostType

cve🔗 web.nvd.nist.gov👁 2487 Views🌐 WEB

Mattermost CVE-2023-3584 security vulnerabilit

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2023-3584	17 Jul 202320:40	–	circl
CNNVD	Mattermost 安全漏洞	17 Jul 202300:00	–	cnnvd
Cvelist	CVE-2023-3584 Member can create team with team override scheme	17 Jul 202315:23	–	cvelist
EUVD	EUVD-2023-44234	3 Oct 202520:07	–	euvd
NVD	CVE-2023-3584	17 Jul 202316:15	–	nvd
OSV	BIT-MATTERMOST-2023-3584	6 Mar 202411:00	–	osv
Prion	Authorization	17 Jul 202316:15	–	prion
Positive Technologies	PT-2023-25337 · Unknown · Mattermost	17 Jul 202300:00	–	ptsecurity
Vulnrichment	CVE-2023-3584 Member can create team with team override scheme	17 Jul 202315:23	–	vulnrichment

NVD

Node

mattermost mattermost_serverRange7.8.0–7.8.5

mattermost mattermost_serverRange7.10.0–7.10.3

[
  {
    "defaultStatus": "affected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "7.8.4",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "7.10.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "7.10.3 "
      },
      {
        "status": "unaffected",
        "version": "7.8.5"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

Parameter	Position	Path	Description	CWE
team_override_scheme_id	request body	/api/v4/teams	Unauthorized creation of a team using a known Team Override Scheme ID due to improper authorization check on POST /api/v4/teams	CWE-863

21 Nov 2024 08:17Current

3.6Low risk

Vulners AI Score3.6

CVSS 3.13.1

EPSS0.00156

SSVC

CWE-863