CVE-2023-3590 — Incorrect Authorization in Server

Severity

7.5HIGHNVD

CNA3.1

EPSS

0.4%

top 41.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJul 17

Description

Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

CVEList

Deleted attachments in Boards remain accessible↗2023-07-17

▶

GHSA

GHSA-h9fc-695x-fc5x: Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments↗2023-07-17

▶