CVE-2023-3613

Summary

Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost Plugins0 <= 7.8.5affected
MattermostMattermost Plugins0 <= 7.10.2affected
MattermostMattermost Plugins7.8.6unaffected
MattermostMattermost Plugins7.10.3unaffected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References