CVE-2023-43754

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 27, 2023

Updated: Dec 1, 2023

CWE ID 200

Summary

CVE-2023-43754 is a vulnerability affecting Mattermost, an open-source team collaboration platform. The issue lies in the lack of verification by Mattermost when displaying permalink previews. This enables members to access archived channels' permalink previews, bypassing the "Allow users to view archived channels" setting, which may result in unintended information disclosure.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mattermost
Mattermost Mattermost

Affected Vendors

Mattermost, Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/thIQ57
https://www.cve.org/CVERecord?id=CVE-2023-43754
https://nvd.nist.gov/vuln/detail/CVE-2023-43754

Back to Vulnerability Database