CVE Catalog

CVE-2023-4105

LowCVSS 3.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile — higher than 25% of all known CVEs

Summary

Mattermost fails to delete the attachments when deleting a message in a thread, allowing a simple user to still access and download the attachment of a deleted message.

Risk Assessment

The organization may be exposed to data leakage as deleted attachments remain accessible to users.

Recommendation

It is recommended to update Mattermost to the latest version to ensure proper deletion of attachments when messages are deleted.

Original NVD description (English source)

Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message

Vulnerability data from NVD (NIST) · CISA KEV · EPSS