CVE Vulnerabilities

CVE-2023-6202

Published: Nov 27, 2023 | Modified: Dec 01, 2023
CVSS 3.x
4.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information (e.g. name, surname, nickname) via Mattermost Boards.

Affected Software

Name Vendor Start Version End Version
Mattermost Mattermost * 7.8.12 (including)
Mattermost Mattermost 8.0.0 (including) 8.1.3 (including)

References