CVE-2023-7114
HIGH severity · CVSS 7.1 · Injection
7.1CVSS HIGH
Summary
Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server.
Impact & exploitability
Attack vectorNetwork
Attack complexityHigh
Privileges requiredLow
User interactionRequired
Confidentiality impactLow
Integrity impactHigh
Availability impactLow
Exploit probability (EPSS)0%
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.