CVE-2023-3584
published 2023-07-17
Severity: low, 3.1 (CVSS 3.1)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mattermost | mattermost | <= 7.8.4 | — |
| mattermost | mattermost_server | >= 7.10.0 < 7.10.3 | 7.10.3 |
| mattermost | mattermost_server | >= 7.8.0 < 7.8.5 | 7.8.5 |
| tinacms | cli | >= 1.0.0 < 1.0.9 | 1.0.9 |