CVE-2023-7114

Summary

Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 2.10.0affected
MattermostMattermost2.10.1 <= 2.10.0unaffected

Weaknesses

  • CWE-74: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References