Cross-Site Request Forgery Vulnerability in Mattermost by Mattermost
CVE-2023-7114
7.1 HIGH
Summary
Mattermost versions up to 2.10.0 do not properly sanitize deeplink paths, which can enable Cross-Site Request Forgery (CSRF) attacks. This flaw may allow unauthorized actions to be performed on behalf of authenticated users, potentially compromising server integrity and user data. Users of affected versions should be aware of this vulnerability and take appropriate action to mitigate the risk.
Affected Version(s)
Mattermost 0 <= 2.10.0
Mattermost 2.10.1 <= 2.10.1
References
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
DoyenSec