Vulnerabilities > CVE-2023-3584 - Incorrect Authorization vulnerability in Mattermost Server

CVSS 3.1 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

high complexity

mattermost

CWE-863

NVD

Published: 2023-07-17

Updated: 2023-07-27

Summary

Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme.

Vulnerable Configurations

Part	Description	Count
Application	Mattermost Mattermost Mattermost Server 7.10.0 Mattermost Mattermost Server 7.10.1 Mattermost Mattermost Server 7.10.2 Mattermost Mattermost Server 7.8.0 Mattermost Mattermost Server 7.8.1 Mattermost Mattermost Server 7.8.2 Mattermost Mattermost Server 7.8.3 Mattermost Mattermost Server 7.8.4	8

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://mattermost.com/security-updates