First published: Mon Jul 17 2023
The Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection, allowing a network attacker to intercept the WebSockets connection.
Credit: responsibledisclosure@mattermost.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mattermost Mattermost | <2.5.1 | Update Mattermost iOS app to version 2.5.1 or higher. |
The severity of CVE-2023-3615 is high with a severity rating of 8.1.
The Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection.
The vulnerability allows a network attacker to intercept the WebSockets connection.
The vulnerability affects Mattermost iOS app versions up to and excluding 2.5.1.
To mitigate the vulnerability, update the Mattermost iOS app to version 2.5.1 or higher.