CVE-2023-6458

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 6, 2023

Updated: Dec 12, 2023

CWE ID 22

CWE ID 74

Summary

CVE-2023-6458 is a vulnerability affecting Mattermost's web application. It allows an attacker to execute client-side path traversal attacks by exploiting the application's failure to validate route parameters in URLs of the form /<TEAM_NAME>/channels/<CHANNEL_NAME>. This issue may result in unintended access to protected resources within the affected team and channel.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/to8s4S
https://www.cve.org/CVERecord?id=CVE-2023-6458
https://nvd.nist.gov/vuln/detail/CVE-2023-6458

Back to Vulnerability Database

CVE-2023-6458

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations