First published: Mon Oct 09 2023(Updated: )
Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information.
Credit: responsibledisclosure@mattermost.com responsibledisclosure@mattermost.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mattermost Mattermost Server | <7.8.11 | |
Mattermost Mattermost Server | >=8.0.0<8.0.3 | |
Mattermost Mattermost Server | >=8.1.0<8.1.2 | |
<7.8.11 | ||
>=8.0.0<8.0.3 | ||
>=8.1.0<8.1.2 |
Update Mattermost Server to versions 7.8.11, 8.0.3, 8.1.2 or higher.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-5331 is a vulnerability in Mattermost where it fails to properly check the creator of an attached file when adding the file to a draft post.
Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information.
Mattermost versions up to and including 7.8.11, versions between 8.0.0 and 8.0.3 (exclusive), and versions between 8.1.0 and 8.1.2 (exclusive) are affected.
CVE-2023-5331 has a severity rating of medium, with a score of 5.3.
To fix the CVE-2023-5331 vulnerability, update your Mattermost server to a version higher than 8.1.2 or apply the necessary patches from Mattermost.