Lack of server certificate validation in websockets connection
CVE-2023-3615
8.1 HIGH
Summary
The Mattermost iOS app has a security flaw where it fails to adequately validate server certificates during TLS initialization. This vulnerability can be exploited by network attackers, potentially allowing them to intercept WebSockets communication between the app and server. Users are encouraged to update to the latest version to mitigate this risk.
Affected Version(s)
Mattermost iOS app iOS 0 <= 2.5.0
Mattermost iOS app iOS 2.5.1
References
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
aapo (aapo)