CVE-2023-6202

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published: Nov 27, 2023
Updated: Dec 1, 2023
CWE ID: 284

Summary

CVE-2023-6202: Mattermost's /plugins/focalboard/api/v2/users endpoint fails to implement sufficient authorization checks, enabling unauthorized access for guest users. An attacker who knows another user's ID can exploit this vulnerability to retrieve sensitive information such as their name, surname, and nickname from Mattermost Boards.

Affected Products

  • Mattermost
  • Mattermost Mattermost

Affected Vendors

  • Mattermost, Inc.