CVE-2023-1776
published 2023-03-31CVE-2023-1776: Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file.
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 7.1.0 < 7.1.6 | 7.1.6 |
| github.com | mattermost_mattermost-server | >= 7.7.0 < 7.7.2 | 7.7.2 |
| github.com | mattermost_mattermost-server | >= 7.8.0 < 7.8.1 | 7.8.1 |
| github.com | mattermost_mattermost-server_v5 | >= 5.0.0 < 7.1.6 | 7.1.6 |
| github.com | mattermost_mattermost-server_v6 | >= 3.3.0 < 7.1.6 | 7.1.6 |
| github.com | mattermost_mattermost-server_v6 | >= 6.0.0 < 7.1.6 | 7.1.6 |
| mattermost | mattermost | >= 3.3.0 < 7.8.0 | 7.8.0 |
| mattermost | mattermost | 3.3.0 – 7.7.1 | — |
| mattermost | mattermost_server | < 7.1.6 | 7.1.6 |
| mattermost | mattermost_server | — | — |