{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-43754", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2023-11-22T11:37:35.971Z", "datePublished": "2023-11-27T09:11:13.283Z", "dateUpdated": "2024-08-02T19:52:11.105Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "7.8.12", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThanOrEqual": "8.1.3", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThanOrEqual": "9.0.1", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThanOrEqual": "9.1.0", "status": "affected", "version": "0", "versionType": "semver"}, {"status": "unaffected", "version": "9.0.2"}, {"status": "unaffected", "version": "9.1.1"}, {"status": "unaffected", "version": "7.8.13"}, {"status": "unaffected", "version": "8.1.4"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Harrison Healey"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Mattermost fails to check whether the \u201cAllow users to view archived channels\u201d setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the \u201cAllow users to view archived channels\u201d setting is disabled. \n</p>"}], "value": "Mattermost fails to check whether the\u00a0 \u201cAllow users to view archived channels\u201d\u00a0 setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the\u00a0\u201cAllow users to view archived channels\u201d setting is disabled.\u00a0\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2023-11-27T09:11:13.283Z"}, "references": [{"url": "https://mattermost.com/security-updates"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Update Mattermost Server to versions 9.0.2, 9.1.1, 7.8.13, 8.1.4 or higher.</p>"}], "value": "Update Mattermost Server to versions 9.0.2, 9.1.1, 7.8.13, 8.1.4 or higher.\n\n"}], "source": {"advisory": "MMSA-2023-00241", "defect": ["https://mattermost.atlassian.net/browse/MM-54221"], "discovery": "INTERNAL"}, "title": "Permalink previews displayed for posts in archived channels even if users are disallowed to view archived channels", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:52:11.105Z"}, "title": "CVE Program Container", "references": [{"url": 
"https://mattermost.com/security-updates", "tags": ["x_transferred"]}]}]}}