CVE-2023-43754

Summary

Mattermost fails to check whether the  “Allow users to view archived channels”  setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled. 

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 7.8.12affected
MattermostMattermost0 <= 8.1.3affected
MattermostMattermost0 <= 9.0.1affected
MattermostMattermost0 <= 9.1.0affected
MattermostMattermost9.0.2unaffected
MattermostMattermost9.1.1unaffected
MattermostMattermost7.8.13unaffected
MattermostMattermost8.1.4unaffected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

References