CVE-2023-6459

Summary

CVE-2023-6459: A vulnerability in Mattermost exposes channelIDs through the public /metrics endpoint. The endpoint groups calls by id and reports this id in the response, making it possible for unauthorized users to gain access to channel information. This issue may pose a significant risk to the confidentiality of communication channels. Mattermost's /metrics endpoint inadvertently reveals channelIDs, compromising security. Id is used as the grouping identifier, and since it corresponds to channelIDs, unauthorized users can access this sensitive information. The consequence is a potential breach of communication confidentiality. The Mattermost vulnerability, identified as CVE-2023-6459, exposes channelIDs via the /metrics endpoint. As this endpoint groups calls using the id, which is equivalent to the channelID, unauthorized access to channelIDs is possible, jeopardizing the confidentiality of communication channels. A vulnerability named CVE-2023-6459 affects Mattermost. This issue reveals channelIDs through the public /metrics endpoint, where id is utilized as the grouping identifier. Since the id corresponds to channelIDs, unauthorized users can obtain sensitive information, leading to a breach of communication confidentiality. CVE-2023-6459 is a vulnerability that impacts Mattermost. The /metrics endpoint, which is public, exposes channelIDs by using them as grouping identifiers. This misconfiguration discloses sensitive information, potentially breaching the confidentiality of communication channels.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.