CVE-2023-3581 : Mattermost fails to properly validate the origin of a websocket connection allow

Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs.

Published 2023-07-17 16:15:10

Updated 2023-07-27 19:46:40

Source Mattermost, Inc.

View at NVD, CVE.org

Products affected by CVE-2023-3581

Mattermost » Mattermost Server
Versions from including (>=) 7.8.0 and before (<) 7.8.7
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
Matching versions
Mattermost » Mattermost Server
Versions from including (>=) 7.10.0 and before (<) 7.10.3
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
Matching versions
Mattermost » Mattermost Server
Versions from including (>=) 7.9.0 and before (<) 7.9.5
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.13%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 34 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
8.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	2.2	5.9	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
6.2	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.3	5.9	Mattermost, Inc.
Attack Vector: Physical Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

Jump to