CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.0005 Low
Percentile: 18.4%
github.com/mattermost/mattermost-server is vulnerable to Improper Input Validation. Unicode characters in the domain name are not properly validated, which allows an attacker to bypass the domain denylist for link previews by sharing links that contain Unicode-confusable characters.
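The class of check described above, as an added example: this is not Mattermost's code or its fix. It contrasts a denylist lookup on the raw hostname with one that canonicalizes the hostname first. It assumes the confusable characters are ones that IDNA name preparation folds to ASCII (a fullwidth letter is used here); `DENYLIST`, `SAMPLE_URL` and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed denylist; example.com and example.net are placeholder domains.
DENYLIST = {"example.com", "internal.example.net"}

# Constructed sample: the first letter is U+FF45 FULLWIDTH LATIN SMALL LETTER E.
SAMPLE_URL = "https://\uff45xample.com/doc"


def naive_is_denied(url: str) -> bool:
    """Weak form: compares the raw hostname string against the denylist."""
    host = (urlsplit(url).hostname or "").lower()
    return host in DENYLIST


def canonical_host(url: str) -> str:
    """Return the lowercase ASCII (A-label) hostname, or raise ValueError."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError("URL has no hostname")
    try:
        # The stdlib "idna" codec applies nameprep (which includes NFKC),
        # folding compatibility characters to ASCII and encoding any label
        # that is still non-ASCII as punycode ("xn--...").
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError as exc:
        raise ValueError(f"hostname is not valid IDNA: {host!r}") from exc
    return ascii_host.lower().rstrip(".")


def is_denied(url: str) -> bool:
    """Hardened form: canonicalize first, match subdomains, fail closed."""
    try:
        host = canonical_host(url)
    except ValueError:
        return True  # unparseable host: do not fetch a preview
    return any(host == d or host.endswith("." + d) for d in DENYLIST)


if __name__ == "__main__":
    print(naive_is_denied(SAMPLE_URL), is_denied(SAMPLE_URL))
```

The stdlib codec implements IDNA 2003; a service should canonicalize with the same mapping its HTTP client applies, so that the string checked is the host actually fetched.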
github.com/advisories/GHSA-vc9q-cghx-53cj
github.com/mattermost/mattermost/commit/4108f4bfc56c0976ab10e02d33cb9411aea17b45
github.com/mattermost/mattermost/commit/702b2f8b7a1f9118d17e627f60814fa25bb4a494
github.com/mattermost/mattermost/commit/9b665c68ac1e21441ab4723ce2e3ac1e04ce055e
github.com/mattermost/mattermost/commit/e05ee18add93b8badf667508a8e2640dea62df2c
mattermost.com/security-updates/