CVE-2023-45316
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Dec 12, 2023
Updated: Dec 14, 2023
CWE ID 352
CWE ID 22
Summary
CVE-2023-45316 is a vulnerability affecting Mattermost that allows path traversal attacks. The issue lies in the way Mattermost handles telemetry run IDs in the /plugins/playbooks/api/v0/telemetry/run/<telem_run_ID> endpoint. An attacker can exploit this vulnerability by providing a relative path as a telemetry run ID, potentially leading to a CSRF attack by manipulating the request to point to a different endpoint.
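The summary's mechanism, shown as an added example (not Mattermost's code or its fix): when a run ID is concatenated into the endpoint path, URL normalization resolves dot segments and the request leaves the telemetry endpoint, whereas an allow-listed ID cannot. The function names, the ID pattern, the placeholder origin and the sample inputs are assumptions made for illustration.

```javascript
// Added example; all names here are hypothetical, not the project's own.
const PREFIX = '/plugins/playbooks/api/v0/telemetry/run/';
const BASE = 'https://chat.example.test'; // constructed placeholder origin

// Assumption: a run ID is an opaque token of letters and digits only.
const ID_PATTERN = /^[A-Za-z0-9]{1,64}$/;

// Naive builder: concatenates the ID, so the URL parser normalizes any
// dot segments and the resulting path points at a different endpoint.
function naiveTelemetryPath(runId) {
  return new URL(PREFIX + runId, BASE).pathname;
}

// Hardened builder: allow-list the ID, encode it, then confirm the
// normalized path is still exactly one segment below the prefix.
function safeTelemetryPath(runId) {
  if (typeof runId !== 'string' || !ID_PATTERN.test(runId)) {
    throw new Error('invalid telemetry run ID');
  }
  const path = new URL(PREFIX + encodeURIComponent(runId), BASE).pathname;
  if (!path.startsWith(PREFIX) || path.slice(PREFIX.length).includes('/')) {
    throw new Error('telemetry URL escaped its endpoint');
  }
  return path;
}

// Helper for checks and logging: true when the hardened builder refuses.
function isRejected(runId) {
  try {
    safeTelemetryPath(runId);
    return false;
  } catch (err) {
    return true;
  }
}

// Constructed sample inputs (not taken from any real report).
const samples = ['abc123', '../../constructed/other', '%2e%2e/x', 'a/b', ''];
for (const id of samples) {
  console.log(JSON.stringify(id), isRejected(id) ? 'rejected' : 'accepted');
}
```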