PT-2023-25354 · Unknown · Mattermost

Daniel Pallinger

Publicado

2023-07-17

Atualizado

2024-03-06

CVE-2023-3587

CVSS v3.1

2.7

Baixa

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Mattermost (affected versions not specified)

Description The issue allows a system admin to modify a board state, enabling any user with a valid sharing link to join the board with editor access. However, the UI does not show the updated permissions, potentially leading to unintended access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

BIT-MATTERMOST-2023-3587

CVE-2023-3587

Produtos afetados

Mattermost

PT-2023-25354 · Unknown · Mattermost

CVE-2023-3587

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8