CVE-2023-1776

Published: Mar 31, 2023
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-1776" target="_blank" rel="noopener"> CVE-2023-1776
GHSA: <a href="https://github.com/advisories/GHSA-63f2-6959-2pxj" target="_blank" rel="noopener"> GHSA-63f2-6959-2pxj
Severity: Medium
Exploit:

Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file.

CVSS v3:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
mattermost / mattermost_server	7.7.1	7.7.1.x
mattermost / mattermost_server	-	7.1.6
github.com/mattermost/mattermost-server/v6	6.0.0	7.1.6
github.com/mattermost/mattermost-server	7.7.0	7.7.2
github.com/mattermost/mattermost-server	7.1.0	7.1.6
github.com/mattermost/mattermost-server	7.8.0	7.8.0.x
github.com/mattermost/mattermost-server	7.8.0	7.8.1
github.com/mattermost/mattermost-server/v5	5.0.0	7.1.6
github.com/mattermost/mattermost-server/v6	3.3.0	7.1.6