CVE-2023-4108

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 11, 2023
Updated: Aug 15, 2023
CWE ID 601

Summary

CVE-2023-4108 is a vulnerability affecting the Mattermost collaboration platform. The issue lies in Mattermost's audit logging function, which fails to sanitize post metadata. This oversight results in permalink contents being logged, potentially exposing sensitive information. An attacker could exploit this vulnerability by crafting specially formulated messages containing malicious links. The logged permalinks, if accessed, could lead to unintended consequences, such as data breaches or unauthorized access. It is recommended that Mattermost users upgrade to the latest version to address this vulnerability.

Affected Products

  • Apache Tomcat
  • Debian

Affected Vendors

  • Apache Software Foundation
  • Debian