CVE-2023-5193
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Sep 29, 2023
Updated: Oct 3, 2023
CWE ID 20
Summary
CVE-2023-5193 is a vulnerability affecting Mattermost, an open-source collaboration platform. The issue arises from insufficient permission checks when retrieving a post. An attacker can exploit this flaw to gain unauthorized access to the Direct Message (DM) conversations of a System Role, which holds the permission to manage channels. This vulnerability poses a significant risk, enabling unauthenticated users to read sensitive information exchanged in DM conversations.