CVE-2023-43754 Vulnerability Details

  /     /     /  

CVE-2023-43754 Metadata Quick Info

CVE Published: 27/11/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: Mattermost | Vendor: Mattermost | Product: Mattermost
Status : PUBLISHED

---

CVE-2023-43754 Description

Mattermost fails to check whether the  “Allow users to view archived channels”  setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled. 

Metrics

CVSS Version: 3.1 | Base Score: 4.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* NONE
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-200
CWE Name: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Source: Mattermost

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).