CVE-2023-43754

Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled.

Published: Nov 27, 2023
Updated: May 10, 2024
CVE: CVE-2023-43754
GHSA: GHSA-jjr7-372r-cx7x
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
github.com/mattermost/mattermost/server/v8	9.1.0	9.1.1
github.com/mattermost/mattermost/server/v8	9.0.0	9.0.2
github.com/mattermost/mattermost/server/v8	-	8.1.4
github.com/mattermost/mattermost-server/v6	-	7.8.13
mattermost / mattermost	-	7.8.12.x
mattermost / mattermost	8.0.0	8.1.3.x
mattermost / mattermost	9.0.0	9.0.1.x
mattermost / mattermost	9.1.0	9.1.0.x

https://mattermost.com/security-updates

Vulnerability Database

289,784

CVE-2023-43754