5 matches found
CVE-2023-6202
Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information e.g. name, surname, nickname via Mattermost Boards...
CVE-2023-6202
creationtimestamp| type| source ---|---|--- 2023-12-16 20:52:16+00:00| seen| Telegram/RQ71MEKLc-JmLT2Qy6VcUjmZdTKG-ZZX11TMVBJtypYtCGy...
CVE-2023-6202 Insecure Direct Object Reference in /plugins/focalboard/ api/v2/users of Mattermost Boards
Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information e.g. name, surname, nickname via Mattermost Boards...
CVE-2023-6202
Mattermost (open source collaboration platform) contains an information disclosure vulnerability in the /plugins/focalboard/api/v2/users endpoint. An attacker who is a guest and knows another user’s ID can access that user’s information (e.g., name, surname, nickname) due to improper authorizatio...
CVE-2023-6202 Insecure Direct Object Reference in /plugins/focalboard/ api/v2/users of Mattermost Boards
Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information e.g. name, surname, nickname via Mattermost Boards...