CVE-2023-2783
Published 2023-06-16
CVE-2023-2783: Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent…
Priority: P4 (19) · Severity: medium · CVSS 3.1 base score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.44% (35.1st percentile)
Mattermost Apps Framework fails to verify the secret provided in the incoming webhook request, allowing an attacker to modify the contents of the post sent by the Apps.
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server_v6 | >= 0 < 6.0.0-20230511130429-1629a6ca7fed | 6.0.0-20230511130429-1629a6ca7fed |
| github.com | mattermost_mattermost-server_v6 | >= 6.0.0 < 7.8.5 | 7.8.5 |
| github.com | mattermost_mattermost-server_v6 | >= 7.10.0 < 7.10.1 | 7.10.1 |
| github.com | mattermost_mattermost-server_v6 | >= 7.9.0 < 7.9.4 | 7.9.4 |
| mattermost | mattermost | — | — |
| mattermost | mattermost | 7.8.0 – 7.8.4 | — |
| mattermost | mattermost | 7.9.0 – 7.9.3 | — |
| mattermost | mattermost_app_framework | <= 7.8.4 | — |
| mattermost | mattermost_app_framework | — | — |
GHSA
Mattermost Server Missing Authorization vulnerability
ghsa · 2023-06-16
CVE-2023-2783 [MEDIUM] CWE-862 Mattermost Server Missing Authorization vulnerability
OSV
Mattermost Server Missing Authorization vulnerability
osv · 2023-06-16
CVE-2023-2783 [MEDIUM] Mattermost Server Missing Authorization vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.