CVE-2023-43754
published 2023-11-27

CVE-2023-43754: Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view…

Priority: P4 20
Severity: medium, 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.51% (39.5th percentile)

Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled.

Affected

8 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server_v6 | >= 0 < 7.8.13 | 7.8.13 |
| github.com | mattermost_mattermost_server_v8 | >= 0 < 8.1.4 | 8.1.4 |
| github.com | mattermost_mattermost_server_v8 | >= 9.0.0 < 9.0.2 | 9.0.2 |
| github.com | mattermost_mattermost_server_v8 | >= 9.1.0 < 9.1.1 | 9.1.1 |
| mattermost | mattermost | <= 7.8.12 | |
| mattermost | mattermost | | |
| mattermost | mattermost | 8.0.0 – 8.1.3 | |
| mattermost | mattermost | 9.0.0 – 9.0.1 | |