First published: Fri Mar 31 2023
Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file.
Credit: responsibledisclosure@mattermost.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mattermost Mattermost Server | <7.1.6 | |
Mattermost Mattermost Server | =7.7.1 | |
Update Mattermost to version v7.8.0, v7.1.6, v7.7.2, or higher.
The vulnerability ID for this vulnerability is CVE-2023-1776.
The title of this vulnerability is 'Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file.'
The affected software is Mattermost Server versions up to and including 7.1.6, and version 7.7.1.
The severity of this vulnerability is high.
To fix this vulnerability, upgrade to a version of Mattermost Server that is not affected by this vulnerability.