CVE-2023-3581Origin Validation Error in Server

CWE-346Origin Validation Error3 documents3 sources
Severity
8.1HIGHNVD
CNA6.2
EPSS
0.2%
top 60.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mattermost ServerMattermost
Timeline
PublishedJul 17

Description

Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

NVDmattermost/mattermost_server7.8.07.8.7+2
CVEListV5mattermost/mattermost7.8.6+2

🔴Vulnerability Details

2
CVEList
WebSockets accept connections from HTTPS origin2023-07-17
GHSA
GHSA-5g2h-c436-5ppg: Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs2023-07-17
CVE-2023-3581 — Origin Validation Error in Server | cvebase