CVE-2023-3586 — Incorrect Authorization in Server

CWE-863 — Incorrect Authorization5 documents5 sources

Severity

5.4MEDIUMNVD

CNA4.2OSV5.5

EPSS

0.2%

top 57.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mattermost Server Linux Kernel Mattermost

Timeline

PublishedJul 17

Latest updateDec 12

Description

Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

▶NVDmattermost/mattermost_server7.8.0 — 7.8.7+2

▶CVEListV5mattermost/mattermost7.8.6+2

▶Ubuntulinux/linux_kernel< 4.4.0-240.274

🔴Vulnerability Details

GHSA

Liferay Portal and DXP Instance Admin can execute code using Objects Actions and Validations↗2025-12-12

▶

GHSA

GHSA-6wc4-xc3f-782r: Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared p↗2023-07-17

▶

CVEList

Disabling publicly-shared boards does not disable existing publicly available board links↗2023-07-17

▶

OSV

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities↗2023-04-26

▶