CVE-2023-3615

Summary

Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost iOS app0 <= 2.5.0affected
MattermostMattermost iOS app2.5.1unaffected

Weaknesses

  • CWE-295: CWE-295 Improper Certificate Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References