CVE-2023-6458

Summary

Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perform a client-side path traversal.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 9.1.1affected
MattermostMattermost0 <= 9.0.2affected
MattermostMattermost0 <= 8.1.4affected
MattermostMattermost0 <= 7.8.13affected
MattermostMattermost9.1.2unaffected
MattermostMattermost9.0.3unaffected
MattermostMattermost8.1.5unaffected
MattermostMattermost7.8.14unaffected

Weaknesses

  • CWE-74: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

ADP Enrichment

CVE Program Container

Additional References

References