CVE-2023-43754

Mattermost fails to check whether the  “Allow users to view archived channels”  setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled. 
References
Link Resource
https://mattermost.com/security-updates Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:9.1.0:*:*:*:*:*:*:*

History

01 Dec 2023, 21:18

Type Values Removed Values Added
First Time Mattermost
Mattermost mattermost
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:mattermost:mattermost:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
References () https://mattermost.com/security-updates - () https://mattermost.com/security-updates - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3

27 Nov 2023, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-27 10:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-43754

Mitre link : CVE-2023-43754

CVE.ORG link : CVE-2023-43754


JSON object : View

Products Affected

mattermost

  • mattermost
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor