PT-2023-25440 · Mattermost · Mattermost Welcomebot Plugin

Jason Frerich

Publicado

2023-07-17

Atualizado

2024-03-06

CVE-2023-3613

CVSS v3.1

3.5

Baixa

Vetor

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mattermost WelcomeBot plugin (affected versions not specified)

Description The Mattermost WelcomeBot plugin fails to validate the membership status when inviting or adding users to channels, allowing guest accounts to be added or invited to channels by default.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

BIT-MATTERMOST-2023-3613

CVE-2023-3613

Produtos afetados

Mattermost Welcomebot Plugin

PT-2023-25440 · Mattermost · Mattermost Welcomebot Plugin

CVE-2023-3613

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8