CVE-2023-6458Injection in Mattermost Mattermost-server V6

CWE-74InjectionCWE-22Path Traversal4 documents4 sources
Severity
9.8CRITICALNVD
CNA7.1
EPSS
0.5%
top 35.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Github.com Mattermost Mattermost-server V6Github.com Mattermost Mattermost ServerGithub.com Mattermost Mattermost Server V8+2 more
Timeline
PublishedDec 6

Description

Mattermost webapp fails to validate route parameters in//channels/ allowing an attacker to perform a client-side path traversal.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

NVDmattermost/mattermost_server8.0.08.1.5+3
CVEListV5mattermost/mattermost9.1.1+3

🔴Vulnerability Details

3
CVEList
Client side path traversal due to lack of route parameters validation2023-12-06
OSV
Mattermost Injection vulnerability2023-12-06
GHSA
Mattermost Injection vulnerability2023-12-06
CVE-2023-6458 — Injection | cvebase