CVE-2023-3587Missing Authorization in Server

CWE-862Missing Authorization3 documents3 sources
Severity
2.7LOWNVD
EPSS
0.1%
top 75.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mattermost ServerMattermost
Timeline
PublishedJul 17

Description

Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

NVDmattermost/mattermost_server7.8.07.8.7+1
CVEListV5mattermost/mattermost7.8.6+2

🔴Vulnerability Details

2
CVEList
Inconsistent state in UI after boards permission change by system admin2023-07-17
GHSA
GHSA-rg67-9vmj-5rpg: Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link t2023-07-17
CVE-2023-3587 — Missing Authorization in Server | cvebase