CVE-2023-2797

Summary

Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost Github Plugin0 <= 7.1.9affected
MattermostMattermost Github Plugin0 <= 7.8.4affected
MattermostMattermost Github Plugin7.1.10unaffected
MattermostMattermost Github Plugin7.8.5unaffected
MattermostMattermost Github Plugin7.10.0affected
MattermostMattermost Github Plugin7.10.1unaffected

Weaknesses

  • CWE-74: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References