Vulnerabilities > CVE-2023-3613 - Incorrect Authorization vulnerability in Mattermost Server

047910
CVSS 3.5 - LOW
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
mattermost
CWE-863
NVD
Published: 2023-07-17
Updated: 2023-07-26

Summary

Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default.

Vulnerable Configurations

Part Description Count
Application
Mattermost
667

Common Weakness Enumeration (CWE)

References