CVE-2023-3615
First published: Mon Jul 17 2023(Updated: )
Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection.
Credit: responsibledisclosure@mattermost.com responsibledisclosure@mattermost.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mattermost Mattermost | <2.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-3615?
The severity of CVE-2023-3615 is high with a severity rating of 8.1.
How does Mattermost iOS app fail to validate the server certificate?
The Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection.
What is the impact of the vulnerability in Mattermost iOS app?
The vulnerability allows a network attacker to intercept the WebSockets connection.
Which versions of Mattermost iOS app are affected by the vulnerability?
The vulnerability affects Mattermost iOS app versions up to and excluding 2.5.1.
How can I mitigate the vulnerability in Mattermost iOS app?
To mitigate the vulnerability, update Mattermost iOS app to a version above 2.5.1.
- collector/nvd-latest
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/event
- agent/weakness
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/mattermost
- canonical/mattermost mattermost