What is CVE-2023-3577?

CVE-2023-3577 is a vulnerability in Mattermost that allows an attacker to perform a limited blind SSRF by exploiting the failure to properly restrict requests to localhost/intranet during the interactive dialog.

What is the severity of CVE-2023-3577?

CVE-2023-3577 has a severity of 4.3, which is considered medium.

How does CVE-2023-3577 affect Mattermost?

CVE-2023-3577 affects Mattermost versions between 7.8.0 and 7.8.7, as well as versions between 7.10.0 and 7.10.3 of Mattermost Server.

How can an attacker exploit CVE-2023-3577?

An attacker can exploit CVE-2023-3577 by sending unauthorized requests to localhost/intranet during the interactive dialog in Mattermost.

How can I fix CVE-2023-3577?

To fix CVE-2023-3577, it is recommended to upgrade Mattermost Server to a version beyond 7.10.3 or 7.8.7, depending on your current version.

Vulnerability/
CVE-2023-3577

medium

4.3

CWE

918

17/7/2023

21/10/2024

CVE-2023-3577: Limited blind SSRF to localhost/intranet in interactive dialog implementation

First published: Mon Jul 17 2023(Updated: )

Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF.

Credit: responsibledisclosure@mattermost.com responsibledisclosure@mattermost.com

Affected Software	Affected Version	How to fix
Mattermost Mattermost Server	>=7.8.0<7.8.7
Mattermost Mattermost Server	>=7.10.0<7.10.3

Remedy

Update Mattermost Server to versions v7.8.7, v7.10.3 or higher.

Never miss a vulnerability like this again

Reference Links

https://mattermost.com/security-updates

Frequently Asked Questions

What is CVE-2023-3577?
CVE-2023-3577 is a vulnerability in Mattermost that allows an attacker to perform a limited blind SSRF by exploiting the failure to properly restrict requests to localhost/intranet during the interactive dialog.
What is the severity of CVE-2023-3577?
CVE-2023-3577 has a severity of 4.3, which is considered medium.
How does CVE-2023-3577 affect Mattermost?
CVE-2023-3577 affects Mattermost versions between 7.8.0 and 7.8.7, as well as versions between 7.10.0 and 7.10.3 of Mattermost Server.
How can an attacker exploit CVE-2023-3577?
An attacker can exploit CVE-2023-3577 by sending unauthorized requests to localhost/intranet during the interactive dialog in Mattermost.
How can I fix CVE-2023-3577?
To fix CVE-2023-3577, it is recommended to upgrade Mattermost Server to a version beyond 7.10.3 or 7.8.7, depending on your current version.

collector/nvd-latest
collector/nvd-index
agent/author
agent/type
agent/softwarecombine
collector/nvd-api
agent/software-canonical-lookup-request
agent/references
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/severity
agent/remedy
agent/title
agent/last-modified-date
agent/first-publish-date
agent/event
agent/tags
vendor/mattermost
canonical/mattermost mattermost server
version/mattermost mattermost server/7.8.0
version/mattermost mattermost server/7.10.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.