CVE-2023-6458

描述

Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perform a client-side path traversal.

受影響套件(4)

• Bitnami/mattermostfrom 0, < 7.8.14, >= 8.0.0, < 8.1.5, >= 9.0.0, < 9.0.3, >= 9.1.0, < 9.1.2
• Go/github.com/mattermost/mattermost/server>= 9.1.0, < 9.1.2
• Go/github.com/mattermost/mattermost-server/v6from 0, < 7.8.14
• Go/github.com/mattermost/mattermost/server/v8from 0, < 8.1.5

CVSS 分數

參考連結(3)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-6458
• PATCHhttps://github.com/mattermost/mattermost
• WEBhttps://mattermost.com/security-updates