CVE-2023-4108 – Audit logging fails to sanitize post metadata
https://notcve.org/view.php?id=CVE-2023-4108
Mattermost fails to sanitize post metadata during audit logging, resulting in permalink contents being logged. • https://mattermost.com/security-updates • CWE-532: Insertion of Sensitive Information into Log File
CVE-2023-4107 – Incorrect authorization allows a user manager to update a system admin
https://notcve.org/view.php?id=CVE-2023-4107
Mattermost fails to properly validate the requesting user's permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name. • https://mattermost.com/security-updates • CWE-863: Incorrect Authorization
CVE-2023-4106 – A guest user can perform various actions on public playbooks
https://notcve.org/view.php?id=CVE-2023-4106
Mattermost fails to check whether the requesting user is a guest before performing various actions on public playbooks, resulting in a guest being able to view, join, edit, export and archive public playbooks. • https://mattermost.com/security-updates • CWE-862: Missing Authorization
CVE-2023-4105 – Attachment of deleted message in a thread remains accessible and downloadable
https://notcve.org/view.php?id=CVE-2023-4105
Mattermost fails to delete the attachments when deleting a message in a thread, allowing an ordinary user to still access and download the attachment of a deleted message. • https://mattermost.com/security-updates • CWE-862: Missing Authorization
CVE-2023-3615 – Lack of server certificate validation in websockets connection
https://notcve.org/view.php?id=CVE-2023-3615
The Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection, allowing a network attacker to intercept the WebSocket connection. • https://mattermost.com/security-updates • CWE-295: Improper Certificate Validation