Lucene search
HistoryDec 06, 2023 - 9:15 a.m.
CVE-2023-6459
mattermost
endpoint
revealing
channelids
cve-2023-6459
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
17.0%
Mattermost is grouping calls inΒ the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing channelIDs.
Affected configurations
Node
mattermostmattermost_serverRange<7.8.14
ORmattermostmattermost_serverRange8.0.0β8.1.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mattermost | mattermost_server | * | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* |
References
Related
prion
prion
Design/Logic Flaw
2023-12-06 09:15:00
veracode
veracode
Information Disclosure
2023-12-07 12:19:42
osv
osv
CGA-r879-mx58-2c24
2024-07-15 22:06:20
CGA-wm9x-r8p7-p6qr
2024-06-24 14:34:07
CGA-9w3m-rfmp-84vv
2024-09-25 01:54:17
cvelist
cvelist
CVE-2023-6459 Public endpoint /metrics of Calls plugin reveals channel IDs
2023-12-06 08:11:36
cve
cve
CVE-2023-6459
2023-12-06 09:15:09
github
github
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
17.0%
Related for NVD:CVE-2023-6459