CVE-2023-6459
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2023-6459: A vulnerability in Mattermost exposes channelIDs through the public /metrics endpoint. The endpoint groups calls by id and reports this id in the response, making it possible for unauthorized users to gain access to channel information. This issue may pose a significant risk to the confidentiality of communication channels. Mattermost's /metrics endpoint inadvertently reveals channelIDs, compromising security. Id is used as the grouping identifier, and since it corresponds to channelIDs, unauthorized users can access this sensitive information. The consequence is a potential breach of communication confidentiality. The Mattermost vulnerability, identified as CVE-2023-6459, exposes channelIDs via the /metrics endpoint. As this endpoint groups calls using the id, which is equivalent to the channelID, unauthorized access to channelIDs is possible, jeopardizing the confidentiality of communication channels. A vulnerability named CVE-2023-6459 affects Mattermost. This issue reveals channelIDs through the public /metrics endpoint, where id is utilized as the grouping identifier. Since the id corresponds to channelIDs, unauthorized users can obtain sensitive information, leading to a breach of communication confidentiality. CVE-2023-6459 is a vulnerability that impacts Mattermost. The /metrics endpoint, which is public, exposes channelIDs by using them as grouping identifiers. This misconfiguration discloses sensitive information, potentially breaching the confidentiality of communication channels.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions