Lucene search

MattermostCVELIST:CVE-2023-3615

HistoryJul 17, 2023 - 3:33 p.m.

CVE-2023-3615 Lack of server certificate validation in websockets connection

2023-07-1715:33:25

CWE-295

Mattermost

www.cve.org

cve-2023-3615

websockets

tls connection

network attacker

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.0%

JSON

Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "iOS"
    ],
    "product": "Mattermost iOS app",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "2.5.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "2.5.1"
      }
    ]
  }
]

References

mattermost.com/security-updates

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.0%

JSON

Related for CVELIST:CVE-2023-3615