CVE Catalog

CVE-2023-3613

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

17th percentile — higher than 17% of all known CVEs

Summary

The Mattermost WelcomeBot plugin fails to validate membership status when inviting or adding users to channels, allowing guest accounts to be added by default.

Risk Assessment

The organization may be exposed to unauthorized access to channels by guest accounts, potentially leading to information leaks or privacy breaches.

Recommendation

It is recommended to update the WelcomeBot plugin and implement additional membership status verification mechanisms before adding users to channels.

Original NVD description (English source)

Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS