Reflected client side path traversal leading to CSRF in Playbooks
CVE-2023-45316

7.3HIGH

Key Information:

Vendor: Mattermost
Status: Mattermost
Vendor: CVE Published:; 12 December 2023

What is CVE-2023-45316?

The Mattermost platform contains a vulnerability in its telemetry API where it improperly validates the input for telemetry run IDs. This flaw allows an attacker to conduct path traversal, enabling them to manipulate the API endpoint and potentially initiate a cross-site request forgery (CSRF) attack. Users are advised to update to the latest version to mitigate the risks associated with this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Mattermost 0 <= 9.1.2

Mattermost 0 <= 9.0.3

Mattermost 0 <= 8.1.5

References

https://mattermost.com/security-updates

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2023
Vulnerability Reserved
Dec 5, 2023

Credit

DoyenSec

JSON

Mattermost