Lucene search

K
osvGoogleOSV:CVE-2023-5160
HistoryOct 02, 2023 - 11:15 a.m.

CVE-2023-5160

2023-10-0211:15:50
Google
osv.dev
7
mattermost
show full name
security vulnerability

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.0%

Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowingΒ a member to get the full name of another user even if the Show Full Name option was disabled

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.0%

Related for OSV:CVE-2023-5160