Lucene search
HistorySep 29, 2023 - 10:15 a.m.
CVE-2023-5193
mattermost
permissions
retrieving posts
system role
dm conversation
cve-2023-5193
2.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
5.1 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.0%
Mattermost fails to properly check permissions when retrieving a post allowing forΒ a System Role with the permission to manage channels to read the posts of a DM conversation.
Affected configurations
Node
mattermostmattermostRange7.0.0β7.8.10
ORmattermostmattermostRange8.0.0β8.0.2
ORmattermostmattermostRange8.1.0β8.1.1
References
Related
cve
cve
CVE-2023-5193
2023-09-29 10:15:10
osv
osv
Mattermost Incorrect Authorization vulnerability
2023-09-29 12:30:16
CVE-2023-5193
2023-09-29 10:15:10
prion
prion
Design/Logic Flaw
2023-09-29 10:15:00
veracode
veracode
Privilege Escalation
2023-10-11 15:03:46
github
github
Mattermost Incorrect Authorization vulnerability
2023-09-29 12:30:16
cvelist
cvelist
2.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
5.1 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.0%
Related for NVD:CVE-2023-5193