CVE Catalog
CVE-2023-3577
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk0.31%
23th percentile — higher than 23% of all known CVEs
Summary
Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF.
Risk Assessment
An attacker could exploit this vulnerability to gain access to internal network resources, potentially leading to the disclosure of sensitive information.
Recommendation
It is recommended to update Mattermost to the latest version to patch this vulnerability and implement additional access restrictions on API interfaces.
Original NVD description (English source)
Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF.

