CVE-2023-45316

🗓️ 12 Dec 2023 08:23:17Reported by MattermostType

cve🔗 web.nvd.nist.gov👁 71 Views🌐 WEB

Mattermost path traversal vulnerability in telemetry run ID validatio

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2023-45316	2 Jan 202410:07	–	circl
CNNVD	Mattermost Path Traversal Vulnerability	12 Dec 202300:00	–	cnnvd
Cvelist	CVE-2023-45316 Reflected client side path traversal leading to CSRF in Playbooks	12 Dec 202308:23	–	cvelist
EUVD	EUVD-2023-49610	3 Oct 202520:07	–	euvd
NVD	CVE-2023-45316	12 Dec 202309:15	–	nvd
OSV	BIT-MATTERMOST-2023-45316	6 Mar 202410:59	–	osv
Prion	Path traversal	12 Dec 202309:15	–	prion
Positive Technologies	PT-2023-8221 · Unknown · Mattermost	12 Dec 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-45316	9 Jan 202608:58	–	redhatcve
Vulnrichment	CVE-2023-45316 Reflected client side path traversal leading to CSRF in Playbooks	12 Dec 202308:23	–	vulnrichment

NVD

Node

mattermost mattermost_serverRange≤7.8.14

mattermost mattermost_serverRange8.0.0–8.1.5

mattermost mattermost_serverRange9.0.0–9.0.3

mattermost mattermost_serverRange9.1.1–9.1.2

mattermost mattermost_serverRange9.2.0–9.2.1

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "9.1.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.0.3",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.1.5",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "7.8.14",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.2.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "8.1.6"
      },
      {
        "status": "unaffected",
        "version": "9.0.4"
      },
      {
        "status": "unaffected",
        "version": "9.1.3"
      },
      {
        "status": "unaffected",
        "version": "9.2.2"
      },
      {
        "status": "unaffected",
        "version": "7.8.15"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

Parameter	Position	Path	Description	CWE
telem_run_id	path	/plugins/playbooks/api/v0/telemetry/run/<telem_run_id>	Path traversal via telemetry run ID in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> enabling CSRF by pointing to a different endpoint.	CWE-352, CWE-22

21 Nov 2024 08:26Current

7.9High risk

Vulners AI Score7.9

CVSS 3.17.3 - 8.8

EPSS0.00262

SSVC