CVE-2023-43754

Mattermost fails to check whether the  “Allow users to view archived channels”  setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled. 
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:9.1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:24

Type Values Removed Values Added
References () https://mattermost.com/security-updates - Vendor Advisory () https://mattermost.com/security-updates - Vendor Advisory

01 Dec 2023, 21:18

Type Values Removed Values Added
First Time Mattermost
Mattermost mattermost
CWE NVD-CWE-noinfo
References () https://mattermost.com/security-updates - () https://mattermost.com/security-updates - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
CPE cpe:2.3:a:mattermost:mattermost:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*

27 Nov 2023, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-27 10:15

Updated : 2024-11-21 08:24


NVD link : CVE-2023-43754

Mitre link : CVE-2023-43754

CVE.ORG link : CVE-2023-43754


JSON object : View

Products Affected

mattermost

  • mattermost
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo