{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-43754","assignerOrgId":"9302f53e-dde5-4bf3-b2f2-a83f91ac0eee","state":"PUBLISHED","assignerShortName":"Mattermost","dateReserved":"2023-11-22T11:37:35.971Z","datePublished":"2023-11-27T09:11:13.283Z","dateUpdated":"2024-08-02T19:52:11.105Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Mattermost","vendor":"Mattermost","versions":[{"lessThanOrEqual":"7.8.12","status":"affected","version":"0","versionType":"semver"},{"lessThanOrEqual":"8.1.3","status":"affected","version":"0","versionType":"semver"},{"lessThanOrEqual":"9.0.1","status":"affected","version":"0","versionType":"semver"},{"lessThanOrEqual":"9.1.0","status":"affected","version":"0","versionType":"semver"},{"status":"unaffected","version":"9.0.2"},{"status":"unaffected","version":"9.1.1"},{"status":"unaffected","version":"7.8.13"},{"status":"unaffected","version":"8.1.4"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Harrison Healey"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

Mattermost fails to check whether the  “Allow users to view archived channels”  setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled. 

"}],"value":"Mattermost fails to check whether the  “Allow users to view archived channels”  setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled. \n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-200","description":"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9302f53e-dde5-4bf3-b2f2-a83f91ac0eee","shortName":"Mattermost","dateUpdated":"2023-11-27T09:11:13.283Z"},"references":[{"url":"https://mattermost.com/security-updates"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

Update Mattermost Server to versions 9.0.2, 9.1.1, 7.8.13, 8.1.4 or higher.

"}],"value":"Update Mattermost Server to versions 9.0.2, 9.1.1, 7.8.13, 8.1.4 or higher.\n\n"}],"source":{"advisory":"MMSA-2023-00241","defect":["https://mattermost.atlassian.net/browse/MM-54221"],"discovery":"INTERNAL"},"title":"Permalink previews displayed for posts in archived channels even if users are disallowed to view archived channels","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T19:52:11.105Z"},"title":"CVE Program Container","references":[{"url":"https://mattermost.com/security-updates","tags":["x_transferred"]}]}]}}