Lucene search

GoogleOSV:CVE-2023-2808

HistoryMay 29, 2023 - 10:15 a.m.

CVE-2023-2808

2023-05-2910:15:10

Google

osv.dev

mattermost

link preview

disallowed domain

vulnerability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.4%

JSON

Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link.

CPENameOperatorVersion
mattermosteq4.3.0-rc4
mattermosteq4.1.0
mattermosteq5.0.0
mattermosteq4.6.0-rc6
mattermosteq7.1.5
mattermosteq5.2.1
mattermosteq4.9.0-rc6
mattermosteq4.6.0-rc1
mattermosteq0.6.0
mattermosteq5.0.1

Name	Operator	Version
mattermost	eq	4.3.0-rc4
mattermost	eq	4.1.0
mattermost	eq	5.0.0
mattermost	eq	4.6.0-rc6
mattermost	eq	7.1.5
mattermost	eq	5.2.1
mattermost	eq	4.9.0-rc6
mattermost	eq	4.6.0-rc1
mattermost	eq	0.6.0
mattermost	eq	5.0.1

Rows per page:

1-10 of 1321

References

mattermost.com/security-updates/

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.4%

JSON

Related for OSV:CVE-2023-2808