First published: Mon Jul 17 2023
The Mattermost WelcomeBot plugin fails to validate membership status when inviting or adding users to channels, allowing guest accounts to be added or invited to channels by default.
Credit: responsibledisclosure@mattermost.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mattermost Mattermost Server | <7.8.6 | |
Mattermost Mattermost Server | >=7.9.0, <7.10.3 | |
Update Mattermost to versions 7.8.6, 7.10.3 or higher. Alternatively, update the WelcomeBot plugin to version 1.3.0 or higher.
CVE-2023-3613 is a vulnerability in the Mattermost WelcomeBot plugin that allows guest accounts to be added or invited to channels without proper validation of their membership status.
CVE-2023-3613 affects Mattermost Server versions before 7.8.6 and versions from 7.9.0 up to, but not including, 7.10.3.
CVE-2023-3613 has a severity level of 3.5 (low).
To fix CVE-2023-3613, update your Mattermost Server to version 7.8.6, 7.10.3 or higher, or update the WelcomeBot plugin to version 1.3.0 or higher.
You can find more information about CVE-2023-3613 in the security updates page of Mattermost's official website.
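The affected ranges and the two fix paths above can be checked against a server inventory. The script below is an added example, not code from Mattermost or from this advisory's publisher. The host names and inventory are constructed, and treating a missing plugin version as "unknown" is an assumption of the example.

```python
import re

# Ranges and fixed versions as stated in this advisory for CVE-2023-3613.
# Each server range is [low, high): low is affected, high is the fixed release.
AFFECTED_SERVER_RANGES = [((0, 0, 0), (7, 8, 6)), ((7, 9, 0), (7, 10, 3))]
FIXED_PLUGIN = (1, 3, 0)  # WelcomeBot 1.3.0 or higher


def parse_version(text):
    """Parse '7.10.2', 'v7.9' or '7.8.5-rc1' into (major, minor, patch).

    Missing parts count as 0; any pre-release suffix is ignored.
    """
    match = re.match(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def server_in_affected_range(server_version):
    version = parse_version(server_version)
    return any(low <= version < high for low, high in AFFECTED_SERVER_RANGES)


def triage(server_version, plugin_version=None):
    """Return 'affected', 'mitigated-by-plugin' or 'not-affected'.

    plugin_version=None means the WelcomeBot version is unknown, so only the
    server version decides (assumption of this example).
    """
    if not server_in_affected_range(server_version):
        return "not-affected"
    if plugin_version is not None and parse_version(plugin_version) >= FIXED_PLUGIN:
        return "mitigated-by-plugin"
    return "affected"


# Constructed inventory: (host, server version, WelcomeBot version or None).
INVENTORY = [
    ("chat-a.example", "7.8.5", "1.2.0"),
    ("chat-b.example", "7.9.4", None),
    ("chat-c.example", "7.10.2", "1.3.0"),
    ("chat-d.example", "7.10.3", "1.2.0"),
]


def report(inventory):
    return {host: triage(server, plugin) for host, server, plugin in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Every 7.9.x release falls in the second range, because the only fixed releases this advisory lists are 7.8.6 and 7.10.3.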