First published: Mon Jul 17 2023(Updated: )
Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs.
Credit: responsibledisclosure@mattermost.com responsibledisclosure@mattermost.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mattermost Mattermost Server | >=7.8.0<7.8.7 | |
Mattermost Mattermost Server | >=7.9.0<7.9.5 | |
Mattermost Mattermost Server | >=7.10.0<7.10.3 |
Update Mattermost Server to versions v7.8.7, v7.9.5, v7.10.3 or higher.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-3581 is a vulnerability in Mattermost that allows a MITM attacker on Mattermost to access the websocket APIs.
Mattermost fails to properly validate the origin of a websocket connection, allowing a MITM attacker to access the websocket APIs.
CVE-2023-3581 has a severity rating of 8.1 (high).
Versions 7.8.0 to 7.8.7, 7.9.0 to 7.9.5, and 7.10.0 to 7.10.3 of Mattermost Server are affected by CVE-2023-3581.
To fix the CVE-2023-3581 vulnerability in Mattermost Server, you should update to a version above 7.10.3, 7.9.5, or 7.8.7 depending on your current version.