CVE-2023-6459 Public endpoint /metrics of Calls plugin reveals channel IDs

🗓️ 06 Dec 2023 08:11:36Reported by MattermostType

Mattermost /metrics endpoint reveals channel IDs

Reporter	Title	Published	Views	Family All 22
Chainguard	CVE-2023-6459 vulnerabilities	1 May 202507:14	–	cgr
Circl	CVE-2023-6459	30 Dec 202308:01	–	circl
CNNVD	Mattermost 安全漏洞	6 Dec 202300:00	–	cnnvd
CNVD	Mattermost Information Disclosure Vulnerability (CNVD-2023-9769937)	8 Dec 202300:00	–	cnvd
CVE	CVE-2023-6459	6 Dec 202308:11	–	cve
EUVD	EUVD-2023-3122	3 Oct 202520:07	–	euvd
Github Security Blog	Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability	6 Dec 202309:30	–	github
NVD	CVE-2023-6459	6 Dec 202309:15	–	nvd
OSV	BIT-MATTERMOST-2023-6459	6 Mar 202410:56	–	osv
OSV	CGA-9W3M-RFMP-84VV	25 Sep 202401:54	–	osv

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "7.8.13",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.1.4",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "8.1.5"
      },
      {
        "status": "unaffected",
        "version": "7.8.14"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

06 Dec 2023 08:11Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.15.3

EPSS0.00376

CWE-200