CVE-2023-3577

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jul 17, 2023

Updated: Jul 27, 2023

CWE ID 918

Summary

CVE-2023-3577 is a vulnerability affecting Mattermost that allows for a limited blind Server-Side Request Forgery (SSRF) attack. The issue arises from the application's failure to adequately restrict requests to localhost/intranet during interactive dialogs. An attacker can exploit this vulnerability by manipulating the dialog to make unauthorized requests, potentially leading to the disclosure of internal information or access to restricted resources within the affected system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mattermost Server

Affected Vendors

Mattermost, Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r8c2on
https://www.cve.org/CVERecord?id=CVE-2023-3577
https://nvd.nist.gov/vuln/detail/CVE-2023-3577

Back to Vulnerability Database