CVE Catalog

CVE-2023-3587

LowCVSS 2.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.43%

34th percentile — higher than 34% of all known CVEs

Summary

Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state. This allows any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions.

Risk Assessment

The organization may be exposed to unauthorized access to sensitive data, as users can gain access to the board with editor permissions without appropriate information about permissions.

Recommendation

It is recommended to update Mattermost to the latest version to fix this vulnerability and review user permissions and shared links in the system.

Original NVD description (English source)

Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS