CVE Catalog

CVE-2023-3590

LowCVSS 3.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

28th percentile — higher than 28% of all known CVEs

Summary

Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments.

Risk Assessment

An attacker may gain access to sensitive data that should have been deleted, potentially leading to privacy and information security breaches.

Recommendation

It is recommended to update Mattermost to the latest version to address this vulnerability and to monitor access to attachments.

Original NVD description (English source)

Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS