CVE Catalog
CVE-2023-4105
LowCVSS 3.1Exploitation Probability (EPSS)
Low risk0.33%
25th percentile — higher than 25% of all known CVEs
Summary
Mattermost fails to delete the attachments when deleting a message in a thread, allowing a simple user to still access and download the attachment of a deleted message.
Risk Assessment
The organization may be exposed to data leakage as deleted attachments remain accessible to users.
Recommendation
It is recommended to update Mattermost to the latest version to ensure proper deletion of attachments when messages are deleted.
Original NVD description (English source)
Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message

